Information Security Officer

Northmill Bank AB

📍 Stockholm ⏰ Full-time 📋 Regular employment 🗓 Apply by 31 October 2026


About the job

Northmill Bank is a challenger bank at the intersection of technology and finance, committed to revolutionizing the way people manage and protect their financial well-being. We are creating a different kind of banking experience, digital yet personal.
Northmill Bank was founded in 2006 and has grown to over 240 employees in 3 countries, 4 000 merchants and 600 000 end users. We use the latest technology to develop safe, smart, and user-friendly products for our customers. They are the sole reason why we do what we do. We are a 100% cloud-based product company where technology is the driver to create smarter banking products.
Grab this opportunity to be a part of us and our journey!
About the role
The Information Security Officer is a subject matter expert and a member of the Information Security team in the second line of defense. The team is tasked with providing governance, oversight and guidance, meaning that it writes ICT policies and monitors and controls the first line’s compliance with these policies. The team also has a number of security capabilities that we provide ourselves, such as technical security scanners or security training activities.
While the team’s primary responsibility is governance and oversight, this is a small bank, and you will also play a hands-on role in driving security initiatives, designing procedures, and building security capabilities. You will directly influence the secure design of systems, support risk management, and respond to security incidents.
Much of the information security material needs a significant rewrite, so this role comes with a great opportunity to use prior experience to influence the Bank’s ways of working, risk appetite and ultimately its risk posture.
You will have a blank canvas to modernize our security framework, moving us from legacy documentation to a lean, ISO 27001-aligned 'Version 2.0.' This is a rare opportunity to use your experience to directly shape the Bank’s ways of working, risk appetite, and long-term security posture.
What you will do

Translate information security requirements into practical, effective, and business-aligned policies, procedures, guidelines or strategies. Northmill is both a bank and payment provider in multiple European regions, and also has a number of business requirements affecting information security.


Monitor compliance with our internal information security rules and our applicable business and regulatory requirements (DORA, GDPR, PSD2, FFFS, Visa, Swift, Swish, Bankgirot, Riksbanken, etc.).


Structure information security requirements in the ISMS in alignment with the ISO 27001 standard.


Act as an advisor and lead for information, cyber security, or privacy incidents.


Serve as a subject matter expert within privacy and data protection


Act as subject matter expert in relation to our PCI-DSS certification and conduct readiness assessments towards the business. Keep track of recurring tasks to ensure they are performed as needed.


Contribute to reporting towards supervisory authorities (e.g. SFSA, IMY, FIN-FSA)


Ensure that the organization has relevant security awareness and training in place


Lead and participate in Business Impact Analysis, ICT vendor approval, the Register of Information, Critical and Important functions, ICT Risk assessments, Data Protection Impact Assessments, AI Act risk assessments, NPAP, and various gap analyses.


What we are looking for

Experience working as an Information Security Officer or in a similar role


Hands-on experience in developing policies, procedures, and security frameworks


A pragmatic mindset and a strong understanding of how to balance regulatory requirements with business needs


Strong problem-solving skills and the ability to operate in a dynamic environment


A collaborative approach and willingness to work closely with different parts of the organization


Professional proficiency in both Swedish and English (Finnish or German is a plus)


Based in Stockholm, with EU/EEA residency or citizenship


Certifications such as CISM or ISO 27001 Lead Implementer are meritorious, but not required.
What we offer

A fantastic office in a prime Stockholm location with great spaces and views


An independent role with the opportunity to make a real impact


Great opportunities for professional development


Health - 5 000 kr health care allowance


Conference abroad every other year


Breakfast and fruit every day, as well as "holy fika" each Friday


Regular after-work events and celebrations of successes at the office


Apply today and be a part of Northmill!

Details

EMPLOYER
Northmill Bank AB
LOCATION
Stockholm
OCCUPATION
IT security manager
WORKING HOURS
Full-time
SALARY
Fixed monthly, weekly or hourly pay
PUBLISHED
4 May 2026