Security Professional - Information Security (ISMS)

Stockholm, Sweden /
Engineering /
Klarna makes shopping smoooth. And we do it with flair because shopping is fun. Every day, we help customers, businesses, and partners explore just how smoooth the modern shopping experience can be. 

It means we’re constantly changing the game. Always trying out new things. And we encourage our people to do the same. To grow. To develop. Because we don’t believe roles have to stay fixed. Instead we inspire our people to take an irregular career path. As a company of 350 dynamic start-ups, our whole business is built for it. So once you’re in, there’s no telling what will happen next.

Engineering at Klarna is an inspired, customer focused community, dedicated to crafting solutions that redefine our industry. Working in small, highly collaborative Agile teams, you and your team will have a clear mission and ownership of an important outcome that supports Klarna and our customers. At Klarna we optimise for quality, flow, fast feedback, focussing on end-to-end ownership, continuous improvement, testing, monitoring and experimentation. We aim for teams that are inclusive, helpful, and have a strong sense of ownership for the things they build.
Our engineers make some of the most significant decisions for the company and we are looking for bold, open and curious developers. As a Klarnaut, you’ll be inspired to contribute to the growth of Europe’s most highly valued fintech and your work will reach millions of users.

Engineering is rapidly growing and we are looking for new talent to join our Information Security team (InfoSec). Our team services the entire Klarna group working out of Stockholm (HQ), Berlin and Linden (Germany).With a banking license and operating in the financial industry in several regions, Klarna is naturally highly regulated. Regardless, we strive to build the smoothest experience. Keeping our customers’ information safe and ensuring their privacy is essential to Klarna, hence our highest commitment to information security.

What you'll get to do

The InfoSec team designs and implements our Information Security Management System (ISMS). It is based on requirements from multiple regulatory spaces, but we try to work in a smart way. We want to do away with most of the drudgery around information security controls and governance. As an engineering-driven company, we aim to automate as much as possible so our development teams can focus on delivering products. Klarna’s services are cloud-based, and we have a diverse set of developers working on our microservices. Therefore, we try to build in security as code, allowing us to ensure security by default. InfoSec is working as a key stakeholder with our infrastructure security teams who implement and maintain this secure platform.

Some of the things you’ll get to work with

    • You will be managing our ISMS documents for security, spreading awareness, measuring the effectiveness, and providing assurance. For new solutions, services, and partners, you will assess the information security risks, do the necessary due diligence, and review evidence to ensure it is all up to par.
    • Our InfoSec team finds new ways to drive awareness. Placing ourselves in our colleagues’ shoes and mindset, we aim to understand how we can best support them. That’s why we have a communication specialist amongst us and utilize many freelance artists to make our messages stick.

You should have

    • You are an experienced information security professional with a technical background. You understand how information security assurance works in practice, and now you want to optimize and simplify its application.

    • You have worked with information security in general for at least 5 years.
    • You have been managing an ISMS or parts of it. You have created ISMS documents with a firm understanding of their impact on the organization, especially developers.
    • You have experience working with engineers, product developers, management and users, as well as external stakeholders.
    • In the past, you have worked in a technical position yourself, such as a developer, system administrator or IT engineer. From this you understand how a development organization operates. Preferably you have experience with agile development and Linux environments.
    • You have worked with industry standards for information security and understand their underlying principles and reasoning.
    • You have experience working with cloud based technology, preferably Amazon Web Services. You understand how cloud architectures work and how security can be assured in them.
    • You are fluent in written and spoken English. You can read and understand regulatory requirements and contracts without issues, and you can lead meetings in an efficient way.

You may also have

    • Worked with ISAE 3000/3402, SOC 1/2, ISO 27000, ISO 31000 or PCI DSS.
    • Worked with financial regulations.
    • Experience as an auditor or worked frequently with auditors.
    • A formal information security education, such as BSc or MSc.
    • Certifications such as CISSP, CISM or CISRM.

Your way of working

    • In your heart, you know there is a better way of doing things. Challenge the old dogmas of slow and tedious information security work with miles of documentation and do away with the tick-the-box philosophy of security.
    • You are also grounded and understand that security has to be explained, and that others need assurance that information is secure in the same way that  we require assurance from our partners and service providers.
    • You love to try a new approach, think big, but you can also focus on details. Starting out small, and quickly try out your idea because you really want to see the results now, not in years.
    • You enjoy working with and in teams, and work together to achieve a common goal.
    • You are experienced enough to own and drive projects independently. You can interact with different competences and internal and external stakeholders in a professional way.
If you feel the description fits you, come help us redefine information security. 

What we can offer you

Culture - You'll have an opportunity to work with people from 90+ different countries in our English speaking offices in Stockholm/Berlin city centre.

Learning - We have a learning and development focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks.

Compensation - You’ll receive an attractive salary, pension, and insurance plans, plus we offer all of our employees an opportunity to invest in a RSU program and own a stake of the company. You’ll also receive 30 days annual leave and since we recognise that life is about more than work, we also offer benefits for gym memberships, marathons, and all sorts of activities that promote physical health. We also have generous parental leave (for men and women).

Relocation - We can offer relocation support to Stockholm. 
We know diverse teams are strong teams, so we welcome those with alternative identities, backgrounds, and experiences. Our teams include women, men, mothers, fathers, the self-taught, the college-educated, and people from all over the world.

We also believe in making contributions back to the open source community. You can find some of our work at https://github.com/klarna.

How to apply: please send us your CV or Linkedin profile in English
#LI-MK1

About Klarna

Klarna was founded in Stockholm, Sweden in 2005. Since then, we’ve changed the banking industry forever. And now we’re creating the world’s smooothest shopping experience. We serve 80 million consumers worldwide, and partner with 190,000 merchants – with a new merchant joining us every 8 minutes. Including some of the world’s leading brands, such as H&M, ASOS, IKEA, Adidas, Samsung and Lufthansa. Our offices are spread over 17 different markets, hosted by +2,500 people from 90 nationalities.