openteamtailorverdane
Chief Information Security Officer (CISO)
inriver
Workplacenone
Posted2026-05-13T15:51:20+02:00
Last observed2026-06-13 05:24:41.056072
Job idverdane-inriver:teamtailor:fb9e1245-8abe-49fd-8c11-da2d992b0210
At Inriver, we help brands deliver better product experiences - everywhere their customers are. From the first product detail to the final purchase decision, we make product information work smarter. When our platform is secure, our teams ship with confidence and it enhances customer trust. More than 1,600 global brands trust their product data with us. Now we’re looking for a hands-on, technical Chief Information Security Officer (CISO) to take over from our outgoing CISO and lead the next chapter of our Enterprise Security, Product Security, Privacy, and Compliance function. About the role As our next CISO, you’ll own the following areas end-to-end at Inriver - Enterprise Security, Product Security, Privacy, and Compliance - covering strategy, operations and the hands-on work. You’ll work from our HQ office in Malmö, supporting our remote locations in Stockholm, Amsterdam, Davao and Manila. This is a high-impact role reporting to the CFO and close collaboration with the wider leadership team, and Legal and HR. You will get a genuinely hands-on mandate to modernize and strengthen Enterprise Security, Product Security, Privacy, and Compliance. For the right candidate, and depending on background and experience, there is potential for the broader IT function to also become part of this leadership scope. Why you’ll love this role 💙 • Own Enterprise Security, Product Security, Privacy, and Compliance - end-to-end across a global, PE-backed mid-size SaaS company • Run a modern Microsoft Azure security stack and a real product-security program embedded in our SaaS SDLC • Maintain compliance to SOC2, ISO 27001, ISO 27701, GDPR, NIS2, the EU Data Act and the EU AI Act. • Lead a small, sharp team • Work closely with the CFO & leadership team What you’ll do • Be the security partner to Engineering. Embed secure SDLC, threat modelling and SAST/SCA/DAST in our pipelines, and triage, identify mitigations, and prioritize security fixes for developers. Lead vulnerability management and analyse or test exploitability. • Plan, oversee and execute penetration testing for our product (internal and third-party), covering web application, API and cloud testing. You’ll personally run hands-on internal tests to find and validate exploitable issues, and manage third-party pen-testers for broader-scope and specialised engagements. • Own the security posture of our Azure environment and harden our infrastructure (Entra ID, Defender for Cloud, Sentinel, Conditional Access, PIM, Key Vault, Purview, Azure RBAC, etc.) and lead our Cloud Security Engineer to ensure that our product runs on secure Azure architecture • Own enterprise risk, third-party risk, BCP/DR, and the security awareness program (including executing phishing tests) • Own the SOC. Triage, investigate and respond to alerts from our MSSP/MDR/SOC and Microsoft Defender - including out-of-hours when it matters. Be the on-call escalation point for security incidents 24/7 and lead containment, recovery and post-incident learning. • Own security incident response. From the first alert to the post-mortem - triage, containment, eradication, recovery, and the lessons-learned that stop it happening twice. • Run our compliance program end-to-end across ISO 27001, ISO 27701, SOC2 Type 2, and GDPR any other EU-relevant frameworks such as NIS2, the EU Data Act, the EU AI Act. Take ISO and SOC2 audits to the finish line, hands-on in our GRC tool including writing and managing policies. • Run third-party / vendor risk management , in close collaboration with Legal. This includes due diligence, contractual safeguards, ongoing monitoring and offboarding. • Customer trust & commercial enablement: Represent Inriver externally on security, privacy and compliance topics in customer and prospect engagements. Partner with Sales, Legal and Customer Success on RFPs, security reviews, contractual discussions and enterprise due diligence processes. Help customers and prospects understand and trust Inriver’s security
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.