Security Professional - Information Security (ISMS)
Klarna makes shopping smoooth. And we do it with flair because shopping is fun. Every day, we help customers, businesses, and partners explore just how smoooth the modern shopping experience can be.
It means we’re constantly changing the game. Always trying out new things. And we encourage our people to do the same. To grow. To develop. Because we don’t believe roles have to stay fixed. Instead we inspire our people to take an irregular career path. As a company of 350 dynamic start-ups, our whole business is built for it. So once you’re in, there’s no telling what will happen next.
About the team
Engineering is rapidly growing and we are looking for new talent to join our Information Security team (InfoSec). Our team services the entire Klarna group working out of Stockholm (HQ), Berlin and Linden (Germany). With a banking license and operating in the financial industry in several regions, Klarna is naturally highly regulated. Regardless, we strive to build the smoothest experience. Keeping our customers’ information safe and ensuring their privacy is essential to Klarna, hence our highest commitment to information security. Germany has recently become our number one market and after establishing our Berlin location in early 2018, we are continuing to grow and expand our local teams.
What we do
The InfoSec team designs and implements our Information Security Management System (ISMS). It is based on requirements from multiple regulatory spaces, but we try to work in a smart way. We want to do away with most of the drudgery around information security controls and governance. As an engineering-driven company, we aim to automate as much as possible so our development teams can focus on delivering products. Klarna’s services are cloud-based, and we have a diverse set of developers working on our microservices. Therefore, we try to build in security as code, allowing us to ensure security by default. InfoSec is working as a key stakeholder with our infrastructure security teams who implement and maintain this secure platform.
What you'll do
- You will be managing our ISMS documents for security, spreading awareness, measuring the effectiveness, and providing assurance. For new solutions, services, and partners, you will assess the information security risks, do the necessary due diligence, and review evidence to ensure it is all up to par.
- Our InfoSec team finds new ways to drive awareness. Placing ourselves in our colleagues’ shoes and mindset, we aim to understand how we can best support them. That’s why we have a communication specialist amongst us and utilize many freelance artists to make our messages stick.
Who you are
- You are an experienced information security professional with a technical background.
- You understand how information security assurance works in practice, and now you want to optimize and simplify its application.
- You have worked with information security in general for at least 5 years.
- You have been managing an ISMS or parts of it. You have created ISMS documents with a firm understanding of their impact on the organization, especially developers.
- You have experience working with engineers, product developers, management and users, as well as external stakeholders.
- In the past, you have worked in a technical position yourself, such as a developer, system administrator or IT engineer. From this you understand how a development organization operates. Preferably you have experience with agile development and Linux environments.
- You have worked with industry standards for information security and understand their underlying principles and reasoning.
- You have experience working with cloud based technology, preferably Amazon Web Services. You understand how cloud architectures work and how security can be assured in them.
- You are fluent in written and spoken English and German. You can read and understand regulatory requirements and contracts without issues, and you can lead meetings in an efficient way.
You may also have
- Worked with ISAE 3000/3402, SOC 1/2, ISO 27000, ISO 31000 or PCI DSS.
- Worked with financial regulations.
- Experience as an auditor or worked frequently with auditors.
- A formal information security education, such as BSc or MSc.
- Certifications such as CISSP, CISM or CISRM.
Your way of working
- In your heart, you know there is a better way of doing things. Challenge the old dogmas of slow and tedious information security work with miles of documentation and do away with the tick-the-box philosophy of security.
- You are also grounded and understand that security has to be explained, and that others need assurance that information is secure in the same way that we require assurance from our partners and service providers.
- You love to try a new approach and think big, but you can also focus on details. You start out small and quickly try out your idea, because you really want to see the results now, not in years.
- You enjoy working with and in teams, and work together to achieve a common goal.
- You are experienced enough to own and drive projects independently. You can interact with different competences and internal and external stakeholders in a professional way.
We value open source, here’s some of our work - https://github.com/klarna
30 days of annual leave every year;
Generous occupational pension and insurance plans;
Flexible work schedule;
International working environment in central Berlin;
Learning and development focused environment with an emphasis on knowledge sharing, training and regular internal technical talks;
How to apply
Send your CV in English and we will get in touch with you.
You must be confident in having negotiations and reading legal texts and contracts in German in order to apply for this role.
Klarna was founded in Stockholm, Sweden in 2005. Since then, we’ve changed the banking industry forever. And now we’re creating the world’s smooothest shopping experience. We serve 80 million consumers worldwide, and partner with 190,000 merchants – with a new merchant joining us every 8 minutes. Including some of the world’s leading brands, such as H&M, ASOS, IKEA, Adidas, Samsung and Lufthansa. Our offices are spread over 17 different markets, hosted by +2,500 people from 90 nationalities.