Lead Security Officer with a strong background in Offensive Red Teaming, Chief Security Office

Helsinki, FI, 500 Gdynia, PL, 81-537

Job ID: 13470 


Would you like to play a key role in ensuring that Nordea is protected against cyber security threats? We are looking for an experienced Lead Security Officer to help us build an independent Red Team function within the Technology Security Oversight (TSO) team.


Welcome to the Technology Security Oversight team in the Chief Security Office, a second line of defense function within Nordea Group Risk. Technology Security Oversight (TSO) provides independent oversight and assurance testing of the implemented operational security controls and governance in the bank, and ensures that implementations in the operational units are effective.


We add value to Nordea and to our customers by managing the information security risks and enabling managers and employees to act correctly in protecting the confidentiality, integrity, and availability of information. We do that in strong collaboration with business areas and Group functions such as our implementing Cyber Security, IT Operations, and software development organisations. This unit supports the entire Nordea Group.


Our mission is to:

  • Build upon the development of the risk landscape, regulatory changes, the business strategy, the risk appetite, internal, external, and regulatory findings, results from benchmarking assessments (such as a NIST assessment) and consider the ongoing implementation of earlier security objectives.
  • Improve transparency on cyber risks and maturity of Nordea’s cyber defense capabilities. Build upon international standards and best practices where possible.
  • Further improve Nordea’s cyber defense capabilities to drive the risk of Cyber threat within our risk appetite.
  • Keep Nordea compliant with regulatory requirements.


At Nordea, we are committed to being a partner our customers and society can count on. Compliance and integrity go hand in hand. Joining us means you’ll have an impact on how we do banking – today and tomorrow. So, bring your ideas, skills, and unique background. With us, you will be in good company with plenty of opportunities to collaborate, grow and make your mark on something bigger. 


About this opportunity


We are looking for a Lead Security Officer who will act as a Red Team Lead. The TSO Red Team acts as an independent function and operates in parallel with the primary Red Team and Penetration Testing functions in the operational first line of defense. This is to ensure an independent view of the critical areas in the bank.


By identifying weaknesses in People, Processes and Systems across the Group, using best practice Red Team methodologies, you will play a valuable role in driving and implementing strong governance and oversight of (security) technology, e.g. in governance of vulnerability management, patch management, security testing, CSOC, Detection and response, Cloud security, application, and infrastructure security, Zero Trust and Secure DevOps.


We would like you to lead the Red Team exercises from defining the team’s operating practices, creating the conception and task planning to execution and reporting the results to the relevant stakeholders. You will not have direct people responsibilities, but we would like you to be involved in building and coordinating the team.


What you will be doing:

  • Design and build the independent Red Team function in the Chief Security Office.
  • Conceive, design, and execute Red Team exercises across the Nordea Group.
  • Translate Red Team results into Risk Management Oversight reporting.


The role can be based in Gdynia, Warsaw or Helsinki.


Who you are


Collaboration. Ownership. Passion. Courage. These are the values that guide us in being at our best – and that we imagine you share with us.


To succeed in this role, we believe that you:

  • Have a sound, competent and fine-tuned security risk judgement plus ability to bridge the technical and the regulatory requirements.
  • Hold integrity and trust as your core values.
  • Have excellent collaboration and stakeholder management skills, enabling you to navigate in a complex organizational environment and communicate the intent, purpose, and results on a senior management level.
  • Will enjoy coordinating the team and the execution of tests.
  • Demonstrate structured thinking and are comfortable working with complex assignments.
  • Are proactive, independent, pragmatic and solution oriented.


Your experience and background:  

  • Have a solid understanding of Risk Management and a strong technical background as an experienced Red Team tester,
  • You have superior English spoken and written skills,
  • And the following qualifications are well regarded:
    • Relevant Bachelor or Master's degree in a technical subject,
    • Relevant security/risk certifications such as CRISC, CISM, CISSP, SANS SECxxx.


If this sounds like you, get in touch!


Next steps

Submit your application no later than 05/06/2023.

At Nordea, we know that an inclusive workplace is a sustainable workplace. We deeply believe that our diverse backgrounds, experiences, characteristics and traits make us better at serving customers and communities. So please come as you are.


Please be aware that any applications or CVs coming through email or direct messages will not be accepted or considered.


For Polish candidates only - Please include permit for processing personal data in CV as following:

In accordance with art. 6 (1) a and b. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter ‘GDPR’. I agree to have: my personal data, education and employment history proceeded for the purposes of current and future recruitment processes in Nordea Bank Abp.

The administrator of your personal data is: Nordea Bank Abp operating in Poland through its Branch, address: Aleja Edwarda Rydza Śmiglego 20, 93-281 Łódź. Your personal data will be processed for the recruitment processes in Nordea Bank Abp. You have a right to access your personal data, right to rectify and right to delete. Disclosing the personal data in the scope specified by the provisions of Polish Labour Code from 26 June 1974 and executive acts is mandatory. Providing personal data is necessary to conduct the recruitment processes. The request for the deletion of your personal data means resignation from further participation in recruitment processes and causes the immediate removal of your application. Detailed information concerning processing of your personal data can be found at: privacy-policy.2021.pdf (nordea.com)

We reserve the right to reply only to selected applications.

Department:  IT/Technology