Senior IT Security Specialist

Job Description

Location: Stockholm or Oslo or Copenhagen

Department: Security & IT Governance

Reports to: Head of Security & IT Governance

About Us: Join our Security & IT Governance team at Lendo Group, which focuses on protecting our digital assets and ensuring compliance with industry standards. We are committed to maintaining a secure environment while fostering innovation and growth.

Position Summary: We seek a highly skilled Senior IT Security Specialist to join our team. This role is crucial in implementing robust security measures, ensuring operational security, and advising the Head of Security & IT Governance in maintaining a comprehensive security strategy. You will be instrumental in fortifying our systems and products against potential threats and vulnerabilities. Your expertise will be crucial in conducting security assessments, implementing best practices, and ensuring the integrity and resilience of our digital assets. The position covers all brands within Lendo Group in Sweden, Norway, and Denmark and reports to the Head of Security & IT Governance.

Key Responsibilities:

• Design and develop security strategy: Design, develop, and implement the security strategy, protocols, and best practices to ensure the integrity and resilience of our software systems and cloud environments.
• Vulnerability management: Conduct regular vulnerability scanning using tools like Wiz, Detectify, and Vulcan. Identify, assess, and remediate security vulnerabilities.
• Bug Bounty program: Manage and optimise our bug bounty program, ensuring timely response and resolution of reported vulnerabilities.
• Security documentation: Maintain and update security documentation, policies, and procedures to ensure compliance with regulatory requirements and industry standards.
• NIST CSF compliance: Ensure alignment with the NIST Cybersecurity Framework and maintain an up-to-date understanding of industry standards and best practices.
• Risk management: Help update and manage the risk register, identify and evaluate risks, and develop mitigation strategies.
• Security by design: Promote and implement security by design principles throughout the organisation. Advise development teams to ensure secure coding practices.
• Quality assurance: Ensure that security measures meet quality standards and contribute to continuous improvement processes.
• Security awareness: Educate employees on security best practices and policies.
• Data operations: Streamline data operations to enhance security and efficiency.
• KPI setting: Assist in setting and monitoring Key Performance Indicators (KPIs) for security initiatives.
• Incident management: Respond to and manage security incidents, conduct thorough investigations, and implement corrective actions.
• Advise teams: Work closely with software developers, architects, and system engineers to integrate security measures throughout the software development lifecycle. Advise different teams in remediating security issues or vulnerabilities.
• Stay updated: Stay updated on emerging threats and industry trends, making recommendations for continuously improving our security posture.
• Security tools management: Implement and manage security tools and technologies to enhance security.

Qualifications:

Education: While a Bachelor's degree in Computer Science, Information Security, or a related field is preferred, we understand that relevant experience can be just as valuable. We encourage candidates with strong practical experience in IT security to apply, even if they do not meet the formal education requirements.

Technical skills:
- Proficiency in vulnerability scanning tools (Wiz, Detectify, Vulcan).
- Strong understanding of NIST CSF and mitigation techniques.
- Proficiency in programming languages.
- Knowledge of Cloud environments (AWS, GCP).

Experience:

- Extensive experience in security roles. Preferably with a background in software development and secure coding practices.
- Hands-on experience with vulnerability management.
- Familiarity with bug bounty programs and security documentation.

Soft skills:
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to advise and manage both technical and non-technical stakeholders.
- High attention to detail and organisational skills.

Nice to haves:

• Relevant security certifications such as CISSP, CISM, or CompTIA Security+ are highly desirable.
• Knowledge of pentesting.
• Experience in writing policies and procedures and performing audits.
• Knowledge of applicable regulations (ISO 2700x, GDPR, PSD2, DORA).
• A good understanding of the cyber security threat landscape.
• Good knowledge of OWASP Top 10.

About Lendo:
Do you want to be a key player in growing a company that works to empower consumers to make smarter and more conscious financial decisions? If so, Lendo offers you the opportunity to work in an entrepreneurial environment across Scandinavia, striving to reach a growing number of users with services that help them save money and manage and improve their personal finances.

Lendo is the leading marketplace for loans in Scandinavia, where people seek guidance, browse, get, and manage consumer loans, car loans, credit cards, business loans, and mortgages. Since 2009 Lendo has been part of the Schibsted family of brands and operates in Norway, Sweden, and Denmark, employing over 250 talented colleagues. Every day, we make it easier for people to get a fair price on loans, often significantly reducing their interest rates.

We offer:

• A place for everyone - an international environment, we have teammates coming from 20+ different countries
• Be a part of the Schibsted family with endless possibilities
• Room for you to do things your way
• We like to inspire your passion by organising hackathons, and knowledge-sharing events, as well as giving you the opportunity to join global conferences
• There are lots of things you can learn through our Schibsted Learning platform, skilled sparring partners as well as make use of a good budget for competence development
• A wellness program if you want to do yoga, meditation, running, and other activities with colleagues and coaches
• 4 000 SEK of health promotion allowance
• 30 days of paid leave
• Central office location depending on the country and a hybrid workplace
• We also chip in on your pension and give you extra Schibsted shares for free if you join our share-saving plan
• And yes, we have the industry standard perks such as team activities and fun parties!

We will be reading applications until July; after that, we are on summer break. We will pick up the processes in August. Apply as soon as possible—if the matching candidates apply, we can fill the position before the job ad extends.

Questions? You are welcome to get in touch with Johan Rundquist, Head of Security and IT Governance, at: [email protected] or with Agnes Novrin, Talent Acquisition Partner, at [email protected]