Head of Compliance & IT Security, Cloud Protection for Salesforce

WithSecure

  • Helsinki
  • Permanent
  • Full-time
  • 16 days ago
We are now looking for a Manager, Compliance & IT Security to lead and strengthen our internal security governance for Cloud Protection for Salesforce (CPSF), a fast-growing cybersecurity SaaS business within WithSecure™.

We are seeking a highly skilled and proactive professional to strengthen our security posture, ensure adherence to regulatory requirements, and lead the continuous development of our security governance framework.

Your primary focus will be building a dedicated ISO/IEC 27001 Information Security Management System framework for the CPSF business (followed by its continuous development, operation, and improvement), as well as preparing and coordinating ISAE 3000 Type I/Type II assurance engagements. In addition, NIS2 compliance will be part of your responsibilities.

This role combines hands-on expertise with strategic oversight: you will own key security processes, guide the business in adopting best-practice controls, and manage compliance activities across the organization.

Key Responsibilities

Information Security Management (ISO 27001)
  • Build, own and maintain the Information Security Management System (ISMS) for CPSF in alignment with ISO/IEC 27001 requirements.
  • Lead the yearly ISO 27001 cycle: risk assessments, internal audits, management reviews, and continuous improvement actions.
  • Maintain, author, and update security policies, standards, and procedures.
  • Coordinate with control owners across the business to ensure compliance and operational effectiveness.
ISAE 3000 Assurance & External Validations
  • Coordinate the full lifecycle of ISAE 3000 (Type I & Type II) assurance engagements, including preparation, evidence collection, auditor interaction, and remediation.
  • Ensure internal controls are clearly defined, consistently implemented, and accurately documented for audit readiness.
  • Act as the main point of contact for external auditors and customers regarding security assurance matters.
Security Compliance, Risk Management & Governance
  • Continuously monitor compliance with the NIS2 framework.
  • Monitor adherence to internal and external security requirements, customer commitments, and regulatory expectations.
  • Support customer due-diligence processes by providing security documentation, control descriptions, audit results and compliance certifications.
  • Oversee third-party security risk assessments and vendor compliance activities.
  • Maintain and evolve security policies, standards, and procedures.
  • Track industry and regulatory changes and translate them into actionable internal updates.
  • Collaborate with IT, Engineering, Operations, Business, Finance and Legal stakeholders to ensure security controls are understood and implemented.
Security Operations Support
  • Partner with internal teams on vulnerability management, secure configuration, incident response processes, and business continuity practices.
  • Validate the effectiveness of technical and administrative security controls.
  • Review and approve exceptions, risks, and mitigation plans.
  • Review and assess third-party security controls, coordinating vendor risk assessments.
  • Support business continuity and disaster recovery planning and exercises.
Leadership & Culture Building
  • Promote a strong security-first culture across CPSF through awareness, training, and engagement.
  • Guide and mentor internal stakeholders on best practices in governance, risk, and compliance.
What are we looking for?
  • 5+ years of experience in Information Security, Governance, Risk & Compliance, or IT audit.
  • Solid, practical knowledge of ISO/IEC 27001 control requirements and ISMS operations.
  • Hands-on experience managing or supporting ISAE 3000 / SOC / other assurance engagements.
  • Knowledge of the NIS2 framework.
  • Experience supporting or leading security audits and certification programs.
  • Familiarity with cloud environments (AWS) and modern security controls.
  • Strong documentation, organizational, and project management skills.
  • Experience in a regulated or high-security environment (SaaS, financial services, cybersecurity, etc.).
  • Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent are seen as beneficial.
  • Ability to communicate effectively across technical and non-technical teams.
  • Fluent in English (written and verbal); other languages are seen as beneficial.
  • Strategic yet hands-on, able to operate at both the planning and execution level.
If you don’t tick every box above, don’t worry — we’re more interested in your potential and willingness to learn.

The salary displayed on this page represents the starting point for the role. Final compensation is discussed individually and depends on experience, skills, and the local market.

What will you get from us
  • A scaleup environment with a quickly growing, category-leading product that is already established and achieving great success globally.
  • Work with a product trusted by Fortune 500 companies.
  • Be part of a collaborative, ambitious, and international team based in central Helsinki.
  • A strategic role with exposure across the entire organization.
  • Opportunity to shape and strengthen our security and compliance roadmap.
  • A collaborative environment that values initiative, trust, and continuous improvement.
  • Competitive compensation and a flexible hybrid work model.
Purpose – Why we exist
We are here to build and sustain trust in a digital society
We are here to build and sustain trust in a digital society — trust that is threatened by uncertainty, fear and worry caused by cyber attacks and crime.

Vision – Where we are heading
No one should experience a serious loss because of a cyber attack
We envision a future where no one should experience a serious loss or be put out of business because of a cyber attack or crime. At least no one who puts their trust in us.

Mission – What we do
Accelerate transition to outcome-based security
Our mission is to research, innovate and build technologies, human expertise and delivery-business models that will accelerate our customers’ and partners’ transition to outcome-based security.

Diversity & Inclusion

WithSecure is an equal opportunity employer and believes that employing a diverse workforce is central to our success. We are committed to ensuring all qualified applicants will receive consideration for employment without regard to nationality, colour, race, ethnic or national origin, sex, gender (including gender reassignment), sexual orientation, religion or belief, age, marital status or physical or mental disability.
We will do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you!
