Information Security Officer at Northmill Bank

Northmill Bank AB

Stockholms län, Stockholm

Previous experience is desired

Northmill Bank is a challenger bank at the intersection of technology and finance, committed to revolutionizing the way people manage and protect their financial well-being. We are creating a different kind of banking experience, digital yet personal.

Northmill Bank was founded in 2006 and has grown to over 240 employees in 3 countries, 4,000 merchants and 600,000 end users. We use the latest technology to develop safe, smart, and user-friendly products for our customers. They are the sole reason why we do what we do. We are a 100% cloud-based product company where technology is the driver to create smarter banking products.

Grab this opportunity to be a part of us and our journey!

About the role

The Information Security Officer is a subject matter expert and a member of the Information Security team in the second line of defense. The team is tasked with providing governance, oversight, and guidance, meaning writing policies for ICT and monitoring and controlling the first line's compliance with these policies. The team also has a number of security capabilities that we provide ourselves, such as technical security scanners or security training activities.

While the team's primary responsibility is governance and oversight, this is a small bank, and you will also play a hands-on role in driving security initiatives, designing procedures, and building security capabilities. You will directly influence the secure design of systems, support risk management, and respond to security incidents.

Much of the information security material needs a significant rewrite, so this role comes with a great opportunity to use prior experience to influence the Bank’s ways of working, risk appetite, and ultimately its risk posture.

You will have a blank canvas to modernize our security framework, moving us from legacy documentation to a lean, ISO 27001-aligned 'Version 2.0.' This is a rare opportunity to use your experience to directly shape the Bank’s ways of working, risk appetite, and long-term security posture.

What you will do

  • Translate information security requirements into practical, effective, and business-aligned policies, procedures, guidelines, or strategies. Northmill is both a bank and a payment provider in multiple European regions and has a number of business requirements affecting information security.

  • Monitor compliance with our internal information security rules and our applicable business and regulatory requirements, such as DORA, GDPR, PSD2, FFFS, Visa, Swift, Swish, Bankgirot, Riksbanken, etc.

  • Structure information security requirements in the ISMS in alignment with the ISO 27001 standard.

  • Act as an advisor and lead for information, cyber security, or privacy incidents.

  • Serve as a subject matter expert within privacy and data protection.

  • Act as a subject matter expert in relation to our PCI-DSS certification and conduct readiness assessments towards the business. Make sure that recurring tasks are performed as needed.

  • Contribute to reporting towards supervisory authorities (e.g., SFSA, IMY, FIN-FSA).

  • Ensure that the organization has relevant security awareness and training in place.

  • Lead and participate in Business Impact Analysis, ICT vendor approval, the Register of Information, Critical and Important functions, ICT Risk assessments, Data Protection Impact Assessments, AI Act risk assessments, NPAP, and various gap analyses.

What we are looking for

  • Experience working as an Information Security Officer or in a similar role.

  • Hands-on experience in developing policies, procedures, and security frameworks.

  • A pragmatic mindset and a strong understanding of how to balance regulatory requirements with business needs.

  • Strong problem-solving skills and the ability to operate in a dynamic environment.

  • A collaborative approach and willingness to work closely with different parts of the organization.

  • Professional proficiency in both Swedish and English (Finnish or German is a plus).

  • Based in Stockholm, with EU/EEA residency or citizenship.

Certifications such as CISM or ISO 27001 Lead Implementer are meritorious, but not required.

What we offer

  • A fantastic office in a prime Stockholm location with great spaces and views.

  • An independent role with the opportunity to make a real impact.

  • Great opportunities for professional development.

  • Health - 5,000 SEK health care allowance.

  • Conference abroad every other year.

  • Breakfast and fruit every day, as well as "holy fika" each Friday.

  • Regular after-work events and celebrated successes at the office.

Apply today and be a part of Northmill!
