Chief Information Security Officer

At Trustly, we're building a smarter, faster, and more secure financial future by revolutionizing the world of payments. As a global leader in Open Banking Payments, we are establishing Pay by Bank as the new standard at checkout, providing unparalleled freedom, speed, and ease to millions of consumers and merchants worldwide.

Our Ambition: To build the world’s most disruptive payment network and redefine what the payment experience should feel like.

Trustly is a global team of innovators, collaborators, and doers. If you are driven by a strong sense of purpose and thrive in a dynamic, entrepreneurial, and high-growth environment, join us and be part of a team that’s transforming the way the world pays.

About the team 
The Security & Information Technology organization is the backbone of Trustly’s commitment to global financial trust. We are responsible for architecting a resilient security posture and a seamless, AI-native workplace that enables our global workforce to innovate at speed. Our mission is to protect millions of transactions while ensuring that our internal technology ecosystem is as fast, secure, and disruptive as the payment solutions we build for our merchants and customers.

About the role
Reporting directly to the Global CTO, the Chief Information Security Officer (CISO) & Head of Information Technology will serve as Trustly’s most senior security and internal technology operations executive. This is a dual-scope role: you will own the full information security program - strategy, architecture, risk, and response, while also leading the IT organization that underpins Trustly’s global workforce, including driving our AI productivity journey.

You will be a key voice to the C-suite and a trusted advisor to the Board on all matters related to security posture, cyber risk, and technology resilience. You will operate at the intersection of a high-growth, globally distributed fintech and a fast-evolving regulatory and threat landscape, making decisions that have direct implications for our customers, our partners, and our business.

Define and execute Trustly’s global information security strategy, roadmap, and multi-year program, aligned to business objectives and risk appetite.

Own the enterprise security architecture across cloud infrastructure, payment systems, APIs, and internal applications.

Build and mature security capabilities spanning identity and access management, threat detection and response, data protection, application security, and vulnerability management.

Lead and develop a high-performing security team; attract, retain, and grow top security talent across the organization.

Champion a security-first culture, partnering with Engineering, Product, Legal, and Finance to embed security into every stage of the development and business lifecycle.

Lead the global IT function, overseeing end-user computing, workplace technology, service desk, network infrastructure, and enterprise systems.

Drive operational excellence and reliability across IT services for Trustly’s distributed, global workforce.

Lead our global workforce in productivity improvements centered around AI.

Own IT vendor relationships and enterprise tool strategy, ensuring cost-effectiveness, scalability, and compliance.

Oversee IT disaster recovery and business continuity programs, ensuring resilience across critical business systems.

Own Trustly’s cybersecurity risk framework, conducting regular assessments and translating technical risk into business terms for executive and Board audiences.

Ensure compliance with applicable regulatory requirements across all operating jurisdictions, including PCI DSS, SOC 2, GDPR, DORA, ISO 27001, CCPA, and open banking regulations.

Partner with Legal and Compliance to navigate evolving data privacy and financial services regulations in the U.S., EU, and other markets.

Lead third-party and vendor risk management, ensuring Trustly’s partner and supply chain ecosystem meets security standards.

Oversee the Security Operations Center (SOC), threat intelligence, and incident response capabilities, ensuring rapid detection, containment, and recovery.

Serve as executive incident commander for major security events; manage stakeholder communications, regulatory notifications, and post-incident reviews.

Continuously improve detection engineering, red team / blue team programs, and tabletop exercise cadences.

Present security and IT risk posture, program updates, and strategic priorities to the Board of Directors and executive leadership on a regular basis.

Partner with the CTO, CFO, General Counsel, and other C-suite executives to align security investments with business strategy.

Represent Trustly externally with regulators, auditors, strategic partners, and industry bodies.

15+ years of progressive experience in cybersecurity, with demonstrated breadth across security architecture, risk management, compliance, and security operations.

Proven track record of building and scaling enterprise security programs in complex, high-growth environments.

Hands-on experience navigating regulatory frameworks (e.g. PCI DSS, ISO 27001)

Deep knowledge of cloud security (AWS, GCP, and/or Azure), DevSecOps practices, and modern security tooling.

Executive presence and communication skills, with the ability to engage a Board of Directors and translate complex technical risk into strategic business terms.

Experience leading high-performing, geographically distributed teams in a global organization.

Strong vendor and contract management experience.

Prior CISO title or equivalent accountabilities at a technology company, financial institution, or regulated fintech.

Experience managing IT organizations at scale, including enterprise infrastructure, end-user technology, and IT operations.

Experience at a payments company, open banking platform, or financial services organization operating under multiple regulatory regimes.

Familiarity with open banking infrastructure, API security, and payment rail security considerations.

Advanced security certifications such as CISSP, CISM, or CISA.

Experience with pre-IPO security program build-out and audit readiness.

Multilingual capability or experience working across U.S., EU, and APAC operating environments is a plus.