Information Security Officer

Are you prepared to work with information security compliance in a group that works with many industry-leading companies around the world? Join us as Information Security Compliance Officer and add business value by bringing your audit competencies into play.

“At Stibo we continuously seek to improve our level of information security – not just because we want to protect ourselves, but also because we work with some of the most well-known brands in the world. In our field, we are faced by increased demands within information security compliance from both regulators and customers, and therefore we would like to extend our GRC-team with a compliance and audit specialist” says CISO Martin Nielsen, Group Governance, Risk & Compliance.

Join Group Governance, Risk & Compliance
The Group GRC department is responsible for establishing and maintaining a high level of information security, quality and privacy standards, primarily covering the sister companies Stibo Systems and Stibo DX. Our work is based on the 3 pillars:

• Governance (e.g. Policies and procedures, awareness and aligning with business objectives)
• Risk (e.g. Risk management activities, incident response, supplier management)
• Compliance (e.g. Internal audits, KPI reporting and RFPs)
  

Across the pillars, we work with various standards and frameworks e.g. ISO 27001, ISO 27002, GDPR, ISO 27701, ISO 9001, NIS2, CIS18 and SOC2 with continuous extensions due to new regulations, customer demands and business strategies.

We are currently 7 people in the Group GRC department, working within and across the pillars, and we expect our new colleague to be supporting the ‘Compliance’ pillar primarily.

We offer you a challenging position, where you as an individual will have a key role in influencing work procedures and service offerings to our stakeholders and customers. In our department, we appreciate an open and honest work environment, we care and support each other, and we value professionalism and professional discussions. Furthermore, we are a modern workplace with flexible hours, a great canteen, various small and big company events during the year, and many other benefits.

The role and the colleague we are looking for
We are looking for an Information Security Compliance Officer (/Lead Auditor) to carry out activities in relation to the relevant ISMS requirements (internal audits) but also other compliance controls and reporting to ensure the implementation of policies, procedures, and controls.

The tasks and responsibilities of our new colleague includes, but is not limited to:

• Conducting internal audits according to ISO 27001, incl. planning and coordination.
• Develop audit plans and programs.
• Develop audit reports and ensure follow-up on findings.
• Coordinate and participate in external ISO 27001 audits.
• Coordinate the annual ISMS audit.
• Contribute to and ensure continuous improvement of audit procedures in our matrix organization.
• Ensure continuous collaboration and knowledge sharing between standards (e.g. ISO 9001 and ISO 27701).
• Compliance reporting on e.g. CIS18.
  

If you have the interest, other tasks could also be a part of your job description:

• Facilitate and further improvement of post-incident activities.
• Plan incident response tests.
• General security incident reporting.

We imagine that you:

• Are a certified ISO 27001 Lead Auditor or have a strong interest in becoming one soon.
• Have strong language skills in English and possibly Danish.
• Have the flexibility to and interest in traveling to our local offices for audits (across time zones). This means that we extend the same kind of flexibility towards your needs and everyday life. Some remote audits are possible.
• Are comfortable working independently, but also in groups and teams – and with colleagues internationally.
• Can communicate with different levels of the organization and possess strong stakeholder management capabilities.
• Have an understanding and natural interest in security frameworks and IT as we are a software development house.
• Have experience from similar roles, e.g. as a consultant.
• May have other relevant education and/or certifications e.g. CISA, CRISC, ESL, CISM.

Furthermore, basic knowledge of CIS18, NIS2, ISO 27701, ISO 9001, ISO 22301 is a plus but not a requirement.

This is Stibo
Stibo A/S was founded in 1794 as a printing company to serve the Royal House of Denmark and is still privately held and owned by the Stibo Foundation, whose charter is ensuring the long-term development and survival of the company and contributing to the community. Since 1965, all company profits have been reinvested in the business and in charitable organizations throughout the world. To learn more about the Stibo Group please go to www.stibo.com.

Stibo Group consists of 3 subsidiaries with 25+ locations worldwide:

• Stibo Systems – a globally leading provider of master data management (MDM) and product information management (PIM) solutions.
• Stibo DX – a globally leading provider of content management systems (CMS) and digital asset management (DAM) solutions.
• Stibo Complete – a leading printing company in Scandinavia.

Being present on 5 continents requires us to have a cultural openness, and we consider our colleagues key to our success and together we continue to create a diverse, unique and exciting work environment.

Interested?
We invite candidates for interviews on a continuous basis, so please apply as soon as possible.

Should you have questions about the position, you are also welcomed to contact Mads Johansen by calling +45 61 35 95 65

We look forward to hearing from you.
Location: Aarhus