Chief Information Security Officer (CISO)

Tasks

• Analyze or test exploitability
• Configure Defender for Cloud
• Embed secure SDLC
• Escalate risks to CFO and executives
• Execute phishing tests
• Harden Azure infrastructure
• Implement Azure RBAC
• Integrate DAST
• Integrate SAST
• Integrate SCA
• Lead compliance audits and remediation
• Lead incident containment eradication recovery
• Lead post incident learning
• Lead vulnerability management
• Maintain trust center controls and certifications
• Manage 24/7 incident escalation
• Manage Entra ID security
• Manage Key Vault access
• Manage PIM
• Manage policies in GRC tool
• Manage third-party penetration tests
• Operate SOC incident triage and investigation
• Own Azure security posture
• Own enterprise risk management
• Own enterprise security end to end
• Own privacy and compliance program end to end
• Own product security end to end
• Own third party risk management
• Perform internal penetration testing
• Perform threat modeling
• Plan and execute penetration testing
• Represent security privacy and compliance in customer engagements
• Respond to alerts from MSSP and MDR
• Run BCP DR planning and execution
• Run security awareness program
• Set up conditional access
• Support RFP security reviews and due diligence
• Triage security vulnerabilities
• Use Sentinel for security monitoring

Perks/Benefits

• Career growth
• Hybrid work
• On site in Malmö
• Social activities
• Supportive team culture
• Workplace flexibility

Skills/Tech-stack

AI Act | Application Security Testing | Azure Key Vault | Azure RBAC | Azure Security | Business Continuity | Code review | Composition analysis | Conditional Access | Cost Management | Data Act | Defender for | Defender for Cloud | Disaster Recovery | Drata | Dynamic Application Security | Dynamic Application Security Testing | EU AI | EU AI Act | EU Data Act | Entra ID | Exploitability analysis | GDPR | GRC | GRC platform | ISO 27001 | ISO 27701 | IT cost management | Identity Lifecycle Management | Identity Management | Identity lifecycle | Incident Management | Incident Response | Information security | Infrastructure as Code | Key Vault | Lifecycle Management | Microsoft 365 | Microsoft Azure | Microsoft Purview | Microsoft Sentinel | NIS2 | Penetration Testing | Phishing Simulations | Privileged Identity | Privileged Identity Management | Risk Management | SOC 2 | SOC Operations | SaaS administration | Secure SDLC | Security Governance | Security Incident Management | Security Testing | Security awareness | Security incident | Software Composition | Software Composition Analysis | Static Application Security Testing | Third Party | Third-Party Risk | Third-party risk management | Threat modeling | Vulnerability Management | “as-code”