Lead Security Architect/ CISO

About DigitalRoute

DigitalRoute has the only platform that is purpose built to convert raw usage data into billable items. This enables companies to capitalize on the growing wave of usage-based business models. More than 400 companies rely on our platform for usage-based monetization, quote-to-cash automation, finance system consolidation and telecom mediation. We deliver extreme precision in the most complex environments in the world. We’re the new standard for usage-based revenue.

DigitalRoute is truly a global company. With our HQ in Stockholm and offices all around the globe - we are more than 200 employees in 21 countries worldwide. We are Experts at what we do, passionate, and always seeking to improve. We are Open-minded and Committed to deliver on our promises.

As Lead Security Architect you will be our main expert in software security topics at DigitalRoute, with three main areas of responsibility:

1. Ensuring DigitalRoute delivers software and services that are secure and guarantees data privacy without sacrificing on usability. You will be working with product architects, developers and service leaders to select security tools, frameworks, set secure SDLC standards and provide them with very concrete guidance.
2. Lead the security topics within the virtual Compliance team that works together throughout the year to ensure we create an overall security strategy that will enable us to successfully comply to and renew our ISO27001, ISO9001 and SOC2 certifications.
3. Finally, as the most senior security expert at DigitalRoute you will also be holding the title of Chief Information Security Officer, consulting with our Head of Compliance and Head of Internal IT on security topics.

The Lead Architect/CISO reports to Demed, Chief Technology Officer (May as of June 2021 report to Head of Engineering, currently on maternity leave.)

Profile

• It is desirable that the candidate have a Master in Computer Science, or Information Security, or an equivalency of education and work experience.
• Experience working as a security architect, InfoSec consultant, CISO or other security-focused role is an advantage.
• Hands-on development or scripting experience (ideally Java or JavaScript) is required. (the role does not mandate any development work, yet main audience will be developers looking for very pragmatic and precise security guidance. ex: choice of standards, libraries, encryption levels, etc.)
• Good knowledge of ISO27001 and/or SOC 2 is a definite advantage and it is desirable that the candidate has participated in an audit of one or both.
• Right candidate is familiar with data security and anonymization techniques and understand the tools and frameworks available in this area in cloud environment, such as Amazon Web Services, Azure and Google as well as within the Hadoop ecosystem.
• Some understanding of Machine Learning techniques is needed, mostly to ensure fruitful conversations with data scientists.
• English proficiency is mandatory.
• The role requires structure, persistence, planning skills including natural aptitude to enthuse and engage people and shares knowledge.

It is also valued that the candidate is:

• unpretentious
• proactive
• pragmatic
• analytical and possesses the ability to extract the essentials from applicable regulations and frameworks.

Potential Challenges:

Technical profiles with experience as software developers may not be overly social and communicative. However, in this role it is of essence that the candidate is trustworthy and can be a liaison between the prod tech organization, the Head of Internal IT and the Compliance Manager Information Security. Thus, communication skills are of importance. Also, it is critical that the candidate:

• May have worked as software developer, security consultant
• Knows the meaning and process of scripting, penetration testing, and has worked with large volume of data.
• Has experience in leading virtual teams