Head of Group IT Security/CISO for Confirma Software
Confirma Software
Published: 2025-01-28
Apply by: Open until further notice
Description
Confirma Software is a new Nordic platform acquiring strong enterprise software companies with specialized offerings for SME customers and the public sector. The group currently consists of 25 acquired companies. We anticipate continued growth, through acquisition, of 3-6 companies on an annual basis.
Confirma Software is backed by Abry Partners, a private equity fund based in Boston, MA.
Founded in 2019
Co-workers 520+
Turnover 100 M€
Role Description
This is an opportunity to join a quickly growing dynamic organization in the early stages of development into a pan-Nordic powerhouse in enterprise software.
We are looking for a person who is part of a current CISO, IT or IT security team in an organization but feels it's time to start their own journey as a Head of Group IT Security in an organization that is growing rapidly by acquisitions.
The Head of Group IT Security will be responsible for establishing and maintaining the enterprise-wide security strategy, managing security risks, ensuring compliance with industry regulations, and leading the development of security architectures for a complex landscape that spans software solutions, payment systems, IoT/OT, and SaaS platforms. The individual will be a hands-on leader who can effectively communicate with senior management while empowering and guiding teams across multiple subsidiaries to enhance the organization's cybersecurity posture.
Confirma Software is on a rapid growth journey and this is a corporate role. As a candidate you will have to be flexible and adapt to the different situations as they arise.
This is a full-time role. We expect the successful candidate to be located in Sweden, Norway, Denmark or Finland. As the group has operating companies in many locations within the Nordic region, the specific location in the Nordics is of lesser importance but travel within the region will be necessary.
Key Responsibilities
Risk Management & Governance
- Oversee the identification, assessment, and prioritization of cybersecurity risks, implementing risk management strategies across business units.
- Ensure compliance with relevant industry standards and frameworks, including NIST Cybersecurity Framework (CSF), ISO 27001/27002, CIS Controls, and PCI/DSS, as applicable to different parts of the business.
- Lead security governance efforts, ensuring that relevant policies, processes, and procedures are in place and followed throughout the organization.
Compliance & Regulatory Oversight
- Together with each business, ensure adherence to relevant regulations (GDPR, PCI/DSS, etc.), maintaining secure and compliant operations in debt collection, payment solutions, and public sector software.
- Oversee data privacy and protection efforts, especially in businesses involving sensitive customer and financial data.
- Conduct regular audits and assessments to ensure compliance with internal and external standards.
Security Architecture & Technology
- Develop and maintain the security architecture for IT systems, IoT/OT environments, SaaS platforms, and software solutions.
- Oversee the implementation of cybersecurity technologies such as firewalls, SIEM, encryption, IAM, endpoint protection, and secure development practices.
- Provide technical guidance to development teams, ensuring DevSecOps and secure coding practices are adhered to.
Incident Response & Threat Management
- Lead, mentor, and develop cybersecurity teams within the various companies, ensuring that they are equipped with the latest skills and knowledge.
- Foster a culture of cybersecurity awareness across the organization through training programs, security drills, and awareness campaigns.
- Drive a collaborative security environment, empowering team members to lead security initiatives while providing strategic guidance and oversight.
Key Qualifications
Experience
- 8+ years of experience in IT and information security, with at least 4 years in a leadership role (CISO, deputy CISO or team lead).
- Experience in leading security efforts in diverse environments, including software development and SaaS. Experience also with IoT/OT and payment systems is an advantage.
- Proven track record of implementing security strategies across multiple subsidiaries or companies with varying business models.
- Strong knowledge and experience with security operations, risk management, incident response, and security architecture.
- It is an advantage if you have knowledge or experience from the financial sector.
- It is an advantage if you have experience from enterprise IT architecture.
Certifications
- Professional certifications such as CISSP, CISM, CISA, or CRISC are desired.
- Certifications specific to compliance and governance frameworks (e.g., ISO 27001 Lead Auditor, PCI/DSS QSA) are highly preferred.
Standards and Frameworks
- In-depth knowledge of NIST Cybersecurity Framework (CSF), ISO 27001/27002, CIS Controls, and PCI/DSS standards.
- Experience in aligning security programs with legal and regulatory requirements (GDPR, CCPA, etc.).
Technical Knowledge
- Hands-on experience with security technologies such as SIEM, firewalls, encryption, IAM, and endpoint protection.
- Strong understanding of DevSecOps practices and secure coding methodologies.
- Familiarity with the security challenges related to IoT/OT systems, including securing embedded systems and industrial networks.
Leadership and Communication Skills
- Proven leadership abilities to manage cross-functional security teams and drive change across the organization.
- Strong communication skills, with the ability to convey complex security concepts to non-technical stakeholders, including senior management and board members.
- A collaborative leader with the ability to influence and lead through others, fostering teamwork across distributed teams.
Personal Attributes
- Hands-On Leadership: Able to roll up sleeves and directly contribute to security operations while guiding teams in our operating companies.
- Strategic Thinker: Capable of aligning cybersecurity initiatives with the broader business strategy, managing risks without hindering innovation.
- Proactive Problem Solver: Able to anticipate security challenges and proactively implement solutions.
- Collaborative and Adaptable: Able to work across our operating companies with differing needs, fostering a security-first culture.
- Language: Fluent ability to communicate verbally and in writing in English is required.
Locations: Confirma Software
Remote status: Hybrid
ABOUT THE COMPANY
Confirma Software


