Billhop is a people-focused scale-up that values personal and business growth equally. Colleagues at Billhop appreciate the combination of a stimulating and ambitious job environment with a trusting and encouraging culture, together with a high degree of flexibility and respect for people’s private lives. Investing in our people, by offering competitive benefits as well as development opportunities, is a given for us. We are proud of being a diverse group of people helping each other to continuously challenge ourselves and to develop great products for our clients.
Through our unorthodox buyer-funded approach we bridge the card acceptance gap that the B2B space faces, enabling the financial fluidity that businesses gain by optimizing cash flow through card payments.
We are looking for a collaborative Information Security Manager (ISM) to join our team in Stockholm. We are a technology company on a mission to continuously develop great products and we are active in the exciting intersection of card payments, banking infrastructure and customer-facing interfaces. The ISM is responsible for further developing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the company.
The ISM position requires sound knowledge of business management and a working knowledge of information security technologies. The ISM will proactively collaborate with all functions to implement practices and internal documents that meet defined policies and standards for information security. He or she will also oversee a variety of IT-related risk management activities.
The ISM serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organisation’s information security policies.
A key element of the ISM’s role is working with executive management to determine acceptable levels of risk for the organization.
The ISM’s job is composed of a variety of activities, including strategic and operational activities in support of the ISM’s program initiatives, such as:
Strategic support - Develop, maintain and monitor the information security and IT risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
Security liaison - Manage security issues and incidents, and participate in problem and change management forums. Ensure timely reporting of security incidents and adequate participation in their investigation.
Architecture/engineering support - Recommend and coordinate the implementation of technical controls to support and enforce defined security policies. Ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
Operational support - Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
The role reports to our CTO and is located at the Stockholm office or hybrid remote.
We hope that you are as passionate about building something together with others as we are. As a person, you are ambitious and have the ability and desire to work both collaboratively and autonomously within an entrepreneurial environment. We hope that you get excited by the idea of joining an ambitious scale-up journey and are curious to learn more about the fintech industry and B2B payment solutions.
To succeed in this role, we think you need:
- A minimum of three years of experience within information security
- Experience with common information security management frameworks, and organizational control frameworks, specifically Service Organization Control (SOC2)
- Experience developing and maintaining policies, procedures, standards and guidelines.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
- Experience in system technology security testing (vulnerability scanning and penetration testing)
- Familiarity with application technology security testing (white box, black box and code review)
- A bachelor’s degree in information or computer systems, or a combination of experience and education
- Security+, Google Cloud Professional Cloud Security Engineer, or any other cloud security certification is a plus
- Experience in fintech or the payment industry is a bonus
We also think you are:
- Highly collaborative and communicative - you care about your colleagues and feel passionate about building something together with others
- Humble and open-minded - eager to learn from others
- Deadline-driven and action-oriented in your approach to delivery
- Proactive and solution-oriented