Vacant job

In this role, you lead the work on information security and regulatory compliance within Vitec Group IT. As Compliance and Security Officer, you are responsible for developing, implementing, and maintaining the group's security framework, grounded in ISO 27001, NIS2, and GDPR.

You own the risk treatment plan, drive internal audits, and ensure that controls are implemented, documented, and verifiable. You also consolidate the governing documents – policies, guidelines, and procedures – and serve as a resource for the group's business units on all matters related to information security.

Thanks to the work you and your colleagues in Group IT do, Vitec's 1,850 employees can trust that their data and systems are protected. Your role is central – both operationally and strategically.

Your main areas of responsibility

Information Security: Own and further develop Group IT's security framework based on ISO 27001, and ensure practical compliance.

Laws and Regulations: Ensure compliance with GDPR, NIS2, CSL, etc. Drive and follow up on internal and external audits. Act as the contact point for supervisory authorities and external auditors.

Risk Management: Conduct risk analyses, create and maintain risk registers, and report risk status to management.

Training and Culture: Plan and conduct information security training and strengthen security culture throughout the organization.

Suppliers and Third Parties: Assess suppliers from a security perspective and participate in procurement and contract reviews.

What we offer you

We offer you a role with real authority and impact. You will be part of an engaged team at Vitec Group IT and report directly to the CIO. You will get:

• A key role where your work is visible and makes a difference for the entire group.
• Great freedom to shape and drive security work forward, with support from management.
• Opportunity to grow with an organization in constant growth and internationalization.
• Secure employment in a stable, listed company with a long history and clear values.
• Colleagues with high technical competence and a genuine interest in doing the right things the right way.

You will surely thrive with us if you are driven by responsibility, integrity, and the desire to build something sustainable – in an environment where security is taken seriously.

Who are you?

We are looking for you who combine technical understanding with the ability to navigate complex regulatory landscapes – and who can communicate this pedagogically to both technical and non-technical audiences.

You need to have

• Relevant higher education in IT and information security, or equivalent experience.
• Experience in information security work in an IT or software development environment.
• Practical experience with regulatory compliance against security standards and audits.
• Good technical understanding of cybersecurity in private and public operational environments.
• Knowledge of standards such as ISO 27001 and regulations such as GDPR, NIS2/CSL, and DORA.
• Fluency in Swedish and English, both spoken and written.

It is an advantage if you have

• Certifications such as CISM or ISO 27001 Lead Implementer/Auditor.
• Experience with SOC 2 or similar frameworks.
• Experience working in a group environment with multiple companies and business units.

As a person, you are analytical and structured, and can make complex regulations understandable and useful in everyday life. You are good at explaining and adapt your message to the recipient, regardless of technical background. At the same time, you drive your work forward independently and are accustomed to driving issues without line responsibility. You have strong integrity and independent judgment that helps you make autonomous, well-founded assessments.

Does it sound interesting?

If you want to know more, you are welcome to contact our CIO Jonas Westling at [email protected] or phone 090-154906.

Start: Autumn 2026

Scope: Permanent, full-time

Location: Umeå, Kalmar

Application deadline: 2026-06-15

We look forward to hearing from you!

About Vitec IT

Vitec IT is part of Vitec Software Group and currently has over 30 employees who manage the group's IT services in the Nordics and Northern Europe. The services include operation of production systems for our public cloud services, operation of internal IT systems, and internal user support.

About Vitec Software Group

Vitec is a leader in Vertical Software and has its origin and headquarters in Umeå. Our products have been developed based on specific needs within different niches in society. The expertise of our employees, combined with our shared corporate culture and business model, enables continuous improvements and innovations. We grow through the success of our business units and through acquisitions. Everything we do, we do with a long-term perspective. Because we are trustworthy – today and tomorrow. Vitec has 1,850 employees, is listed on Nasdaq Stockholm, and had a net revenue of 3,633 million SEK in 2025. Read more at vitecsoftware.com.