Senior IT Security Specialist

Job Description
Location: Stockholm or Oslo or Copenhagen

Department: Security & IT Governance

Reports to: Head of Security & IT Governance

About Us: Join our Security & IT Governance team at Lendo Group, which focuses on protecting our digital assets and ensuring compliance with industry standards. We are committed to maintaining a secure environment while fostering innovation and growth.

Position Summary: We seek a highly skilled Senior IT Security Specialist to join our team. This role is crucial in implementing robust security measures, ensuring operational security, and advising the Head of Security & IT Governance in maintaining a comprehensive security strategy. You will be instrumental in fortifying our systems and products against potential threats and vulnerabilities. Your expertise will be crucial in conducting security assessments, implementing best practices, and ensuring the integrity and resilience of our digital assets. The position covers all brands within Lendo Group in Sweden, Norway, and Denmark and reports to the Head of Security & IT Governance.

Key Responsibilities:

• Vulnerability management: Conduct regular vulnerability scanning using tools like Wiz, Detectify, and Vulcan. Identify, assess, and remediate security vulnerabilities.
• Bug Bounty program: Manage and optimise our bug bounty program, ensuring timely response and resolution of reported vulnerabilities.
• Security documentation: Maintain and update security documentation, policies, and procedures to ensure compliance with regulatory requirements and industry standards.
• NIST CSF compliance: Ensure alignment with the NIST Cybersecurity Framework and maintain an up-to-date understanding of industry standards and best practices.
• Risk management: Help update and manage the risk register, identify and evaluate risks, and develop mitigation strategies.
• Security awareness: Educate employees on security best practices and policies.
• Incident management: Respond to and manage security incidents, conduct thorough investigations, and implement corrective actions.
• Advise teams: Work closely with software developers, architects, and system engineers to integrate security measures throughout the software development lifecycle. Advise different teams in remediating security issues or vulnerabilities.
• Stay updated: Stay updated on emerging threats and industry trends, making recommendations for continuously improving our security posture.

Other tasks you may encounter:

• Security tools management: Implement and manage security tools and technologies to enhance security.
• KPI setting: Assist in setting and monitoring Key Performance Indicators (KPIs) for security initiatives.
• Quality assurance: Ensure that security measures meet quality standards and contribute to continuous improvement processes.
• Data operations: Streamline data operations to enhance security and efficiency.
• Design and develop security strategy: Design, develop, and implement the security strategy, protocols, and best practices to ensure the integrity and resilience of our software systems and cloud environments.
• Security by design: Promote and implement security by design principles throughout the organisation. Advise development teams to ensure secure coding practices.

Qualifications:
Education: While a Bachelor's degree in Computer Science, Information Security, or a related field is preferred, we understand that relevant experience can be just as valuable. We encourage candidates with strong practical experience in IT security to apply, even if they do not meet the formal education requirements.

Technical skills:
- Proficiency in vulnerability scanning tools (Wiz, Detectify, Vulcan).
- Strong understanding of NIST CSF and mitigation techniques.
- Proficiency in programming languages.
- Knowledge of Cloud environments (AWS, GCP).

Experience:
- Extensive experience in security roles. Preferably with a background in software development and secure coding practices.
- Hands-on experience with vulnerability management.
- Familiarity with bug bounty programs and security documentation.

Soft skills:
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to advise and manage both technical and non-technical stakeholders.
- High attention to detail and organisational skills.

Nice to haves:

• Relevant security certifications such as CISSP, CISM, or CompTIA Security+ are highly desirable.
• Knowledge of pentesting.
• Experience in writing policies and procedures and performing audits.
• Knowledge of applicable regulations (ISO 2700x, GDPR, PSD2, DORA).
• A good understanding of the cyber security threat landscape.
• Good knowledge of OWASP Top 10.

About Lendo:
Do you want to be a key player in growing a company that works to empower consumers to make smarter and more conscious financial decisions? If so, Lendo offers you the opportunity to work in an entrepreneurial environment across Scandinavia, striving to reach a growing number of users with services that help them save money and manage and improve their personal finances.

Lendo is the leading marketplace for loans in Scandinavia, where people seek guidance, browse, get, and manage consumer loans, car loans, credit cards, business loans, and mortgages. Since 2009 Lendo has been part of the Schibsted family of brands and operates in Norway, Sweden, and Denmark, employing over 250 talented colleagues. Every day, we make it easier for people to get a fair price on loans, often significantly reducing their interest rates.

We offer:

• A place for everyone - an international environment, we have teammates coming from 20+ different countries
• Be a part of the Schibsted family with endless possibilities
• Room for you to do things your way
• We like to inspire your passion by organising hackathons, and knowledge-sharing events, as well as giving you the opportunity to join global conferences
• There are lots of things you can learn through our Schibsted Learning platform, skilled sparring partners as well as make use of a good budget for competence development
• A wellness program if you want to do yoga, meditation, running, and other activities with colleagues and coaches
• 4 000 SEK of health promotion allowance
• 30 days of paid leave
• Central office location depending on the country and a hybrid workplace
• We also chip in on your pension and give you extra Schibsted shares for free if you join our share-saving plan
• And yes, we have the industry standard perks such as team activities and fun parties!

We will be reading applications until July; after that, we are on summer break. We will pick up the processes in August. Apply as soon as possible—if the matching candidates apply, we can fill the position before the job ad extends.

Questions? You are welcome to get in touch with Johan Rundquist, Head of Security and IT Governance, at: e-mail or our Talent Acquisition Partner at e-mail

Work with great people
Mauro Avellaneda

Frontend Engineer

"Working at Lendo means being part of a team of smart and supportive colleagues, creating a collaborative and dynamic environment for personal and professional growth."

Michelle Holmberg

Product Owner

"Lendo is a place where I get inspired, develop my skills and get challenged every day. I get to work closely with product and tech and it is fun to follow the journey from idea to final result."

Oda Cecilie Hansen

Team Lead Customer Service

"At Lendo, you get to work with fun, talented and ambitious people who cheer each other on to find the best solution for our customers."

Edwin Li

UX Lead Global

"Having customer centricity in mind is so important for creating great experiences for them, and that is what I love about Lendo. Everyone is very collaborative and that makes it more fun to work here!"