About Stacc

With over 40 years' combined experience, Stacc is proud to provide software solutions for the financial services sector in the Nordics. We combine financial technology with design and strategic know-how. We enable financial services to innovate, surprise and excite.

Stacc employs 220+ people located in our offices in Norway, Sweden and Denmark and serve more than 280 clients in the Nordics.

About the job

We are seeking a highly skilled and experienced Chief Information Security Officer (CISO) to join our team in Bergen, Norway.

This role will be responsible for managing and securing our information technology environment, focusing particularly on Microsoft 365, Azure Entra Identity and Access Management ID.

With a company size of over 220 employees, the successful candidate will also lead our internal Security Group and oversee major aspects of our ISO 27001 certification process. This position demands a blend of technical prowess and robust organisational skills, emphasizing pragmatism, compromise, and collaboration, especially in close work with our Chief Compliance Office (CCO). The role will also be responsible for internal IT operations in the group.

This position is not only pivotal in safeguarding our technological infrastructure but also in fostering a secure and compliant organisational culture. We are looking for a candidate who embodies our values of integrity, collaboration, and innovation, ready to lead our security efforts into the future.

We are seeking a candidate able to work from our physical offices in Bergen.

The CISO-role will report to the Stacc Group CEO and be part of the group´s management team.

What will you be doing?

• Communicate security risks and strategies effectively to both technical and non-technical stakeholders, to foster a strong cybersecurity culture across the organisation

• Develop and enforce guidelines, policies and procedures to ensure the security and integrity of the company's data, software, and hardware.

• Manage security solutions for Microsoft 365 and Azure Entra ID and oversee the selection, implementation, and maintenance of operational and security measures within these environments.

• Lead the internal Security Group, and though this role identify, develop, implement, and maintain security processes throughout the organisation to minimize risks, manage incidents, and limit liability exposure

• Manage the acquisition and upkeep of ISO 27001 certification, including all related controls and documentation.

• Work towards SOC II certification as a part of our ongoing efforts to lift our security standards further

• Collaborate and work closely with our Chief Compliance Officer to ensure that security practices are in line with regulatory requirements

• Answer customers inquiries about information security, including RFPs and RFIs and other security and compliance related matters

• Responsible for internal IT operations at Stacc Group
  

We think you should have

• Proven experience in managing security across both IT and OT environments, under a set of regulatory frameworks (i.e. GDPR, ISO27001, DORA and SOC II)

• Good knowledge of current laws and regulations affecting information security and data protection

• Experience with information security related to the management of IT operations and cloud services

• Solid experience with value and risk assessment

• Ability to think strategically but also the execution power to implement operationally

• Be able to be cleared and authorized in line with the provisions of the Security Act

Hard Skills

• Ability to manage Microsoft 365 and Azure Entra ID effectively in a mid-sized organisational context

• Deep understanding of Information security standards such as ISO 27001, DORA and SOC II, including certification process and control management

• Strong technical background with capabilities to guide the implementation of security solutions

• Proficiency in risk management methodologies and the use of security assessment tools

• Awareness of and familiarity with compliance laws and standards relevant to the finance technology industry

Soft Skills

• Project management skills: Ability to juggle multiple tasks and projects, maintaining structure and focus

• Pragmatism and flexibility: Openness to compromise and adaptability in finding the most effective solutions for the company

• Leadership skills: Ability to lead by example and inspire a team towards the common goal of achieving security objectives

• Communication and collaboration: Strong communication and collaboration skills in interacting and cooperating with various departments, particularly in aligning security measures with business and regulatory needs

• Capacity to remain composed under pressure and manage crisis situations strategically and effectively.

If you’re ready to take on a strategic leadership role in the financial technology industry, join us and help secure the future! 

Contact person

Henna Raknes
COO Stacc AS