Group Information Security Specialist
@ the Mercell Group
Mercell Group is a leading e-tendering and procurement platform provider in the European market. Our platforms simplify the public procurement process in accordance with EU regulations and improve the interaction between buyers and suppliers.
The Mercell Group consists currently of 330 enthusiastic employees represented in 10 countries and with our Head Office in Oslo, Norway. Our tender (pre-award) services are delivered by the Mercell, EU Supply, Ethics and Udbudsvagten platforms. We are rapidly expanding and have during the last months included post-award platforms to our product portfolio with the acquisition of Aksess Innkjøp in Norway, and TrueLink, Tricom and Comcare in Denmark. Altogether, more than 40.000 suppliers and buyers across Northern Europe use Mercell’s platforms on a daily basis.
In July, the group got listed at the Merkur Market at the Oslo Stock Exchange, raising capital for further growth. To scale the organization for this journey, we need to continuously develop our organization, our employees and our structural capital, based on our values - growth, curiosity, courage and trust. Information Security is critical to realize our ambition and a cornerstone in our work with security, risk and compliance and. On this background, we are looking for an experienced information security specialist who will take the lead in developing and operating an ISMS at group level..
Want to build?
Mercell is a leading provider of platform solutions for tendering services and procurement in the Scandinavian market. While our headquarter is located in Oslo, Norway, the company has expanded considerably over the last couple of years, through acquisitions in Denmark, Sweden, the Baltic countries, the UK and the Netherlands.
Our ambition is to become a leading player in Europe, underpinned by our values - growth, curiosity, courage and trust. In July, the group got listed at the Merkur Market at the Oslo Stock Exchange. To scale the organization for further growth, we need to continuously develop our organization, our employees and our structural capital.
Who are you?
You are a passionate information security professional motivated by the opportunity to establish a corporate function for information security in a SaaS-company with international presence.
You should have 5+ years working experience in information security and possess:
- Profound knowledge of information security and leading practices within the field (e.g. lead practitioner in ISO 27001)
- Expertise within one of more of the following areas; identity access management, application and network security, cloud security, data loss protection or GDPR
- Some experience from project management and development and implementation of information security framework.
- Professional command of English and one of the Scandinavian languages.
- Preferably some insight into SaaS (an advantage, but not a must)
- An agile mindset
You are curious by nature and embrace the challenges of a dynamic and growing organization. Your courage is rooted in integrity and a true understanding of how to build trust and manifest itself in great communication skills and ability to convert vision and regulatory requirements into operational practice. You see yourself as a team player and able to maneuver in a complex environment, and are not afraid to act as advisor towards employees of various cultural backgrounds.
Tasks and responsibilities
You will drive the further development and establishment of a central information security function, covering:
- Group-wide and local risk assessments with regard to information security.
- Development, implementation and maintenance of a Group ISMS based on ISO 27001
- Support and guidance to subsidiaries and group functions in effective implementation of information security practices through advice and communication, presentations and training
- Handling of certification and attestation processes by third parties (ISO and ISAE)
- Effective and secure integration of new, acquired companies with regard to information security
- Audits, investigations and incident handling related to information security
- Handling of requests and dialogue with customers on information security matters
- Annual planning and execution activities directed towards information security, as part of Mercell’s overall compliance program.
You will report to the Head of Security, Risk and Compliance / Group Compliance Manager of the Mercell Group. Some travel must be expected.
What can we offer?
Mercell continuously provides great opportunities for growth within the organization. You will have good opportunity to shape your role and determine your priorities. We look at what you deliver, not how you work or how many hours you spend on each task. In addition to a designated responsibility for the ISMS and information security function at group level, you will be a central part of Mercell’s “Security, Risk and Compliance”-team and have a great impact on the development of Mercell’s operations and organization.
We offer competitive salary and benefits (pension and insurance), flexible work hours, home office and office at new and modern premises at Skøyen in Oslo.
Master’s degree or equivalent in Information Technology, Business or any other related field. An equivalent of the same in working experience and certifications is also acceptable.
Please call Group Compliance manager Janne Britt Saltkjel at tel 99 120 195 if you want to know more.
Deadline for applying for this position is October 30, 2020.