Information Security Manager, Security and Privacy

Information Security Manager, Security and Privacy

Information Security Manager, Security and Privacy  

Location: Helsinki or Tampere, Finland 

We are 3stepIT  

At 3stepIT we have a very clear purpose: to take care of the world’s technology. As a Technology Lifecycle Management provider, we have an ambition to reduce e-waste by helping businesses to consume technology more sustainably. We offer an end-to-end approach to accessing, managing, and refreshing IT devices that is cost-efficient, secure and environmentally friendly. Today we serve more than 3,000 customers worldwide and play an active role in the circular economy by refurbishing and reselling end of life IT devices. In doing so, we prevent over half a million devices from being destroyed and sent to landfill each year. 

Taking care is our mindset. We take care of our customers, of technology, of each other.

Information Security Manager, Security and Privacy  

Reporting to: Director, Security and Privacy, Group IT&Technology 

Job role and purpose:   

We are looking for an Information Security Manager in our Security and Privacy team to develop, implement and monitor 3stepIT´s information security and risk management frameworks. In this role, you will be responsible for maintaining and developing our information security management system (ISMS). This includes producing the necessary guidelines, processes, training and developing new controls as well as maintaining the existing ones. Additionally, you will carry out and organize audits to maintain our ISO 27001 certification. 

Part of your responsibilities will involve resolving security incidents, like rest of the team, and contributing to the design of relevant Security & Privacy KPI´s. You will organize, together with the Security Director, the monitoring of indicators within the organization and continuously work towards improving the effectiveness of ISMS through monitoring, auditing, analysis, and innovation. 

You will take business ownership of internal identity and access management (IAM) and maintain the information security risk management framework. Furthermore, you will implement and manage in-house development of security controls, such as security reviews and external security testing. As well as conduct vendor and security reviews and manage the vendor risk management process along with rest of the team. 

You will also be assisting sales with prospect- or customer security questionnaires (3rd party risk questionnaires) together with the Security Director and act as the liaison officer towards our partner BNP Paribas in security-related matters. Moreover, you will monitor the cybersecurity environment and take proactive action to mitigate emerging risks within 3stepIT, while providing security reporting and actively communicating with key stakeholders. 

Your main responsibilities:  

• Maintain and develop information security management system (ISMS) for 3stepIT
• Produce necessary instructions, guidelines, processes and training related to information security and if needed, also privacy guidance 
• Create and maintain processes to secure that ISMS documentation is kept up to date
• Maintain ISO 27001 certification independently 
• Take part in resolving security & privacy incidents (shared team task) 
• Take part in designing relevant Security & Privacy KPI’s and organize the monitoring of the indicators in the organization
• Continually improve the effectiveness of ISMS through a process of monitoring, auditing, analysis and innovation to ensure the prevention of work-related incidents and non-conforming products and services.
• Take ownership of internal identity and access management (IAM) 
• Implement and manage in-house development security controls, such as security reviews, external security testing (together with Security Architect) 
• Conduct vendor and security reviews and vendor risk management process (shared team task) 
• Help sales with prospect/customer security questionnaires (3rd party risk questionnaires, shared team task) 
• Monitor the cybersecurity environment and act proactively, when development within 3stepIT is needed to mitigate new emerging risks 
• Provide security reporting and active communication to key stakeholders 
• At least 5 years of experience in information security with some years in a role with a clear security governance focus 
• Proven track record of being able to manage small and mid-sized security development projects
• Experience with ISO 27001 audits or similar (e.g. PCI-DSS, SOC2) 
• Experience from creation and maintenance of security and privacy related processes (e.g. IAM, security reviews, security awareness programs) 
• Managing vendors and using commercial products in the security & privacy area (e.g. selecting a SOC-provider) 
• Experience from resolving security incidents 
• Experience from working in an international setup 

The role might involve limited travelling within Nordic countries and the UK. Position does not contain team leading responsibilities. 

Our company operates on a hybrid working model, allowing 50% on-site and 50% remote work flexibility. We offer you accessible office location in Ruoholahti, Helsinki or Hervanta, Tampere and public transport benefit or parking benefit and bike benefit. 

Please note that the selected candidate will need to pass the Finnish security clearance vetting (perusmuotoinen turvallisuusselvitys) before the employment takes place.

Qualifications and experience:   

• Bachelor’s or Master´s Degree in Computer Science, Information Systems, Engineering or other relevant field 
• Good understanding and hands on experience with information security management frameworks and standards, such as ISO27001, NIST, CIS, OWASP 
• Experience with conducting Information security risk assessments and ability to seek balance between business needs and acceptable risk levels 
• Experience with IAM setups 
• Security incident resolving skills 
• Understanding of cloud security (AWS, Azure) 
• Compliance and Regulation knowhow, such as NIS2, DORA, GDPR 
• Basic understanding of agile methods and secure software development practices 
• Basic project management skills 
• Ability to tolerate uncertainty and changing priorities 
• Enthusiasm to learn the latest information security industry practices and to stay on top of the industry (e.g. How to apply AI in Security) 
• Good communication skills and ability to negotiate and convince stakeholders of your views 
• Fluent in Finnish and English language skills, other Nordic languages are seen as an advantage 
• Industry certificates, such as CISSP, CISM or CISA considered as an advantage 

We understand that applicants may not fulfil all the requirements, therefore do not hesitate to apply, if you do not tick all the boxes. We can adjust the position based on the background and interests of the applicant to some degree. However, fluency in Finnish is mandatory due to some customer documentation and communication being available only in Finnish. 

In addition to a competitive pay package, you’ll also enjoy a range of benefits that make 3stepIT a place where we take care of you.

• Recognition and rewards   

Beyond your pay, we go a few steps further to make sure you’re properly recognized for your achievements. Some of the highlights include the 3stepIT Bonus Program and Employee Excellence Awards! You will also have possibility to buy technology devices from our refurbishment centers.

• Continuous learning   

People at 3stepIT are deeply curious, willing to seize learning opportunities and know that development starts with themselves. That’s why we offer ongoing learning opportunities like the Talent Development Program, coaching, training days, workshops and more. 

• Health and wellbeing   

A good work-life balance and wonderful workspaces are essential, but we go further. We want you to bring your whole self to work: a healthy mind and a healthy body. Breaks in your day are vital, so we avoid back to back meetings, and you’ll be offered a range of physical activities to get involved in. It’s all about being the ‘best you’ you can be. 

• Giving back   

You’ll have the chance to join colleagues in various team volunteering initiatives, as well as gaining funding and support for the causes you believe in. We call this ‘Walk the talk’ because we demonstrate through action that we take care of our planet. 

When you work with amazing people, it’s hard not to have a good time. From team challenges to sports activities and our annual conference, there’s plenty of fun stuff to get involved in at 3stepIT. 

Life at 3stepIT  

Being a 3stepper should be the best experience. That’s why we take care to build a culture of flexibility, learning and fun – because work and life should fit together effortlessly.

We’re a community who genuinely care for one another. We believe in solving problems together as one team. Leaders at 3stepIT collaborate closely with their teams and always remain approachable, no matter how senior they are. The atmosphere is friendly and future-focused, and we love fresh ideas.

Our core values give a great description of how we interact with each other: 

• Positive - We see opportunities and help others see them too.
• Passionate - We care about eliminating waste wherever we find it.
• Responsible - We take responsibility for our actions.
• Curious - We always want to learn more and improve.
• Amazing - We do great things for our customers and each other.

Contact details: If you have further questions, please contact Senior Talent Acquisition Manager Emmy Marjetta Tverin () 

Closing date: Please submit your application by Fri 3.5.2024. We will start to process the received applications already during the application period.

Contact person

URL to this page