Trustly
Information Security Officer

WHO WE ARE
At Trustly, we're building a smarter, faster, and more secure financial future by revolutionizing the world of payments. As a global leader in Open Banking Payments, we are establishing Pay by Bank as the new standard at checkout, providing unparalleled freedom, speed, and ease to millions of consumers and merchants worldwide.

Our Ambition: To build the world’s most disruptive payment network and redefine what the payment experience should feel like.

Trustly is a global team of innovators, collaborators, and doers. If you are driven by a strong sense of purpose and thrive in a dynamic, entrepreneurial, and high-growth environment, join us and be part of a team that’s transforming the way the world pays.

The Security team is Trustly's first line of defence. We do the hands-on security work - running risk assessments, reviewing vendors, maintaining policies and procedures, driving business continuity and disaster recovery, and making sure security is embedded in how Trustly builds and operates its products. We work closely with engineering, legal, finance, risk & compliance, HR and senior leadership, and partner with the second line for governance and oversight.

About the Role

We are looking for an experienced Information Security Officer to join the Information Security team, reporting to the Director of Security in Stockholm. The role sits in the first line of defence, meaning you will be directly responsible for executing and operating security activities - not just governing or overseeing them.

You will work across the full breadth of the role — owning and driving security governance, risk management, third-party oversight, business continuity, compliance and awareness. You will be expected to work independently, influence decisions across teams, and improve how we operate. At the more senior end, you will help shape security strategy and act as stand-in for the Director of Security when needed.

  • Develop, maintain and communicate Trustly's information security framework (ISMS), including instructions and routines aligned with regulatory requirements and industry standards

  • Lead information security risk assessments, define and track risk treatment plans, and keep the risk register current

  • Assess the security posture of third-party vendors and partners during onboarding and through ongoing oversight, define contractual security requirements, and drive remediation of gaps

  • Ensure business continuity, disaster recovery and crisis management capabilities meet regulatory requirements and are regularly tested

  • Define and maintain security controls across areas such as access management, internal fraud prevention, monitoring and segregation of duties

  • Ensure compliance with applicable regulatory requirements, contractual obligations and industry standards; coordinate and support internal and external audits and certifications

  • Respond to customer due diligence requests, security questionnaires and supplier assessments

  • Promote security awareness across the organisation through training, communication and guidance

  • Manage the security incident process and the exception and risk acceptance process, ensuring deviations are documented and approved at the right level

  • Act as stand-in for the Director of Security when required

  • 5+ years of experience in information security, with a focus on governance, risk management or compliance - ideally in regulated financial services or payments

  • Experience leading and building teams and/or larger projects

  • Strong working knowledge of ISO/IEC 27001

  • Familiarity with frameworks such as NIST CSF is considered beneficial

  • Practical experience translating regulatory requirements (e.g. regulations and standards such as DORA, NIS 2, PSD2 and EBA guidelines) into policy and process

  • Proven experience with third-party risk management across the vendor lifecycle

  • Excellent written and verbal communication - you can write a clear policy, present to an all-hands audience, and advise senior leadership with equal ease

  • Comfortable driving cross-functional initiatives and influencing stakeholders at all levels

  • If you hold one or more relevant certifications (active or expired) such as CISM, ISO 27001 Lead Implementer, CISA, CISSP or similar, this is considered beneficial

  • Fluent in English, written and spoken. Swedish is a bonus but not a requirement

Location & Eligibility

Where is the job: Stockholm, Sweden
Hybrid — some on-site time required
Who can apply: Open to applicants worldwide

Listing Details

Posted: April 29, 2026
First seen: April 29, 2026
Last seen: May 4, 2026

Posting Health

Days active: 4
Repost count: 0
Trust Level: 62%
Scored at: May 4, 2026
