This position is based either at our headquarter office in Roskilde (Denmark) or friendly Warsaw (Poland) office where you will join our Information Security team, which is part of the Risk & Security area. Risk & Security is placed as a 2nd line function in BEC. The services delivered by the Information Security team are crucial and enabling BEC to deliver on its strategy, take strong decisions and maintaining customer trust. This is achieved by overseeing and monitoring how BEC manages and meets its Information Security Requirements.
The Information Security team supports 1st line in:

• Implementing security controls according to BEC’s control framework
• Validating the effectiveness of internal controls in the 1st line of defense in relation to BEC’s established Information Security Requirements
• Creating a consolidated risk picture for BEC and reporting to relevant stakeholders

It is your responsibility as an Information Security Officer to ensure that BEC is able to deliver secure, stable and compliant solutions to its customers, by ensuring that a sufficient and effective level of Information Security is upheld in processes and systems. You will be able to achieve this in collaboration with your colleagues in the Information Security team and the rest of BEC.
At BEC, we work in a hybrid remote model, coming into the office at least 3 days a week and the option of working remotely for 2 days. Your direct manager will be the head of Information Security, Dennis Jensen

Primary task and responsibilities include:

As an Information Security Officer you will work closely with stakeholders across BEC, primarily 1st line of defense and stakeholders from the two other teams in Risk & Security i.e., IT Risk and Enterprise Risk Management.
Together with colleagues from the Information Security team you will ensure that a sufficient and effective level of Information Security is upheld across projects and systems in BEC.
The Information Security team is responsible for the governance of the established Information Security Management System (ISMS), which includes a high degree of interaction with all your future colleagues in BEC. Your role involves supporting your colleagues throughout BEC on how to implement and interpret the Information Security Requirements, reporting and following up on the control attestations performed. The Information Security team is also responsible for managing the dispensation process, which includes evaluating any risks that originates from deviations towards the Information Security Requirements.
To succeed in this role, you must be able to understand and convey the established Information Security Requirements, the threat landscape, and applicable regulatory requirements to both technical- and non-technical colleagues. You will become part of a department passionate about its work and role in ensuring the critical financial sector, a ‘can do mindset’ will get you far.
Your primary tasks and responsibilities will include:

• Engage in dialogues with Lo B supporting and provide guidance on the implementation the Information Security Requirements
• Evaluating dispensations, which includes risk evaluation and ensuring that sufficient mitigation plans are in place
• Advice project, product- and business process owners in BEC regarding Information Security aspects
• Contribute to the reoccurring deliverables e.g., monthly management reporting, internal and external reporting, and assessments
• Maintaining and developing the general governance of BEC’s Information Security Requirements
• Supporting the Outsourcing Compliance team regarding Information Security aspects in procurement processes and regarding outsourcing work.

To succeed you will have:

Preferably, you hold a bachelor’s, a master’s degree, or similar education with 5+ years of experience from a similar position working with Information Security.
To us, curiosity and active listening is essential, and at BEC you'll join a community of helpful, ambitious, and tech-savvy people who love to explore and grow. We ensure that banks can comply with the legislation such as reporting requirements, providing solutions for individual banks as well as the entire community of BEC banks.
Furthermore, it is expected that you:

• Have experience and/or understanding of IT-infrastructure setup in relation to types of operating systems, cloud security, firewalls, etc.
• Have experience with Information Security related to people, processes and technologies
• Have knowledge of relevant security related standards and certifications, e.g., ISO27001+2, ITIL, NIST, PCI-DSS
• Are friendly and possess constructive communication skills, are people focused and a team player contributing to a positive team environment.
• Are self-driven and can manage multiple parallel tasks

With colleagues in teams distributed across Denmark and Poland, you must be fluent in English both in writing and orally

It’s nice-to-have:

• A CISSP, CISM, ISO Lead Implementer, SABSA or similar certification
• Experience with Governance Risk and Compliance modules, preferably in Service Now.
• Experience from working with the financial sector and/or a software development organization
• Experience with Service Now, JIRA, or similar tools

Be your best self with BEC’s Benefits!
We offer a diverse range of benefits for our employees. Here are just a few of them.

• Professional development
• Healthy, varied lunch and fruit in the canteen
• Active staff associations: yoga, cycling, gokart, salsa dancing etc.
• Flexible working hours
• Health insurance
• Referral bonus

What does the recruitment process look like?
Make us aware of your talent
We are an equal opportunities employer. We hire top talent regardless of race, religion, color, national origin, sexual orientation, gender identity, and age. We encourage all qualified candidates to apply.
If you have any questions related to the position, please contact Dennis Jensen via email dennis.jensen@bec.dk
You can also learn more about BEC by browsing our company culture book: wearebec.pdf