Head of Compliance & IT Security, Cloud Protection for Salesforce

Tasks

• Build and maintain ISMS
• Collect audit evidence
• Conduct internal audits
• Coordinate ISAE 3000 Type I and Type II engagements
• Coordinate security control compliance with control owners
• Guide governance risk and compliance best practices
• Lead ISO 27001 cycle
• Maintain security policies, standards, procedures
• Manage auditor communication
• Monitor NIS2 compliance continuously
• Oversee third party security risk assessments
• Perform risk assessments
• Provide security awareness training
• Remediate audit findings
• Review and approve exceptions risks and mitigation plans
• Review third-party security controls
• Run management reviews
• Serve as contact for external auditors and customers
• Support Business Continuity Planning
• Support customer due diligence
• Support disaster recovery planning
• Support incident response processes
• Support secure configuration
• Support vulnerability management
• Track regulatory changes and update controls
• Validate effectiveness of security controls

Perks/Benefits

• Central Helsinki office
• Collaborative team
• Continuous improvement culture
• Exposure across the organization
• Flexible hybrid work model
• International team
• Opportunity to shape security roadmap

Skills/Tech-stack

Audit evidence | Business Continuity | Control Implementation | Disaster Recovery | ISAE 3000 | ISMS | ISO 27001 | Incident Response | Internal Audit | Management Review | NIS2 | Project Management | Remediation | Risk Assessment | Risk Management | Secure Configuration | Security Governance | Security Policy | Security controls | Security standards | Third Party | Third-Party Risk | Third-party risk management | Vendor Risk | Vendor Risk Assessment | Vulnerability Management