Do you want to lead oversight and control of cyber- & technology risk in a fast-growing SaaS company?
We are on a very exciting journey with strong support from our customers and our owners. Risk Management practices and the right Risk acceptance are critical to the success of our mission & vision. We have very high ambitions in the areas of security & privacy, both for internal business operations and for our secure-by-design SaaS products & services. We are now looking for a competent leader who can provide critical, risk-based input to this journey and who also thrives in a forward-looking environment where there is a lot of room to grow.
About the role
As Risk Manager - Information Security you will operationalise the Extenda Retail Risk Management, Privacy and Information Security Policies, which outline our high-level ambitions around GRC with a particular focus on InfoSec (ISO/IEC & NIS), Privacy (GDPR) and Corporate IT Governance. The scope of this role covers all business operations and product areas of Extenda Retail, including the SaaS products and services that we deliver to our clients.
- Operationalise & implement key aspects of the Extenda Retail Policy & Procedures framework; to develop and mature our Risk Management practices and the ISO/IEC based ISMS etc.
- With a cross-functional mandate, collaborate with key stakeholders across the organisation.
- Engage with internal stakeholders across the organisation to provide information asset and scenario-based risk assessments, and to mature our risk management best practices.
- Provide reporting material for senior management and the board of directors to facilitate risk-based decision making.
- Engage with our Client Success & Product organisation to assist in security audits, solution delivery audits/assessments, product security and solution security.
- Conduct 3rd party risk assessments.
- Collaborate with key stakeholders in maturing our adherence to ISO27000.
- Establish and ensure close collaboration with our Information & Cyber Security teams and our Legal function.
- Support the product and operation teams with GDPR advice and best practice.
- Provide support to the Legal Function and the DPO with regard to data protection issues, such as GDPR, DPIA, TIA, third country transfers and requests from individuals on their rights, all in order to ascertain compliance with GDPR.
What will your first 3-6 months look like?
Build a solid understanding of our existing Risk Management practices and form an idea of how you would like to mature them.
Review and mature the ISMS, existing policy and procedures to ensure they are aligned with your ambitions.
Define your strategy, populate the backlog and get going!
Getting an idea of our current tech stack
You will have the opportunity to work with a wide range of vendors. As a heavy adopter of cloud, we have solutions in Google GCP, Azure and AWS. In our corporate tech stack you will also find G-suite, MS SQL/SSIS/Power BI, Salesforce CRM (sales cloud, experience cloud, pardot etc.), Dynamics Business Central, Atlassian suite (Jira/Confluence), Slack etc. Our Hii Retail product is built in native Google Cloud.
Who you are / Who we are looking for
You have a passion for security and privacy and are seriously concerned over how data of organisations and individuals can be protected in the increasingly digital world.
You are a mature and confident leader with a passion for finding and recommending “doing the right thing”, balancing risk with business objectives.
In-depth expertise & experience in IT Governance & Risk Management.
You are an excellent communicator and have a passion for thought leadership, guiding an organisation within your field of expertise and have an ability to present your plans in a convincing way.
We look forward to having you on board!