IT Security Officer– Incident Response & Event Monitoring

Are you ready to take on the challenge of creating a new security culture in an exciting fintech company? Resurs Bank is now looking for an IT Security Officer with focus on Incident Response & Event Monitoring.

About us

We offer a workplace with high commitment and great development opportunities. To build an IT environment that is at the forefront, we recruit curious and driven people who we encourage by giving responsibility and freedom.

We work actively with leadership, sustainability, gender equality and are proud of our Resurs spirit, which is characterized by cooperation, openness, and customer focus. With clear values as a basis, we dare to test new ways that lead us to even better services for our customers.

Resurs Bank has been pointed out as one of “Sweden's Career Companies” for the second year in a row, an award for companies that offer unique and attractive development opportunities.

The scope

In this role, you will be part of our IT Governance team granting you the opportunity to work in a true entrepreneurial fintech company.

The role is a key success factor in the creation of our new Cyber- and Information Security culture with special focus on cloud transition and increased security awareness across the organization. You will work in a team with competent and engaged colleagues, all reporting to IT Governance manager.

In this role, the transition is all about the creation of a best in class Event Monitoring, Security Incident Response and Cyber Crisis Management capability, you will

• have a key role in the establishment and long-term development of a qualitative external consolidated SOC. The SOC will perform monitoring, validation, initial response, and escalation of major and critical Cyber Security Incidents in accordance with our security incident response plan.     

• act as leader for the virtual Security Incident Response Team (SIRT), responsible for attacker timeline, incident event timeline, collection and analysis of data and artifacts, evidence preservation, coordination of short- and long-term containment, eradication, recovery during cyber security incidents followed by post incident activities as lessons-learned, reporting etc.

Typical activities

• Improve processes, routines and management reporting
• Compose and deliver situation reports to management
• Support the advancement of our cyber threat intelligence and vulnerability management programs
• Perform assessment of Security Incidents, and to promote over-all security awareness

About you

To succeed in this role, you have

• An academic but practical approach, you are most likely holder of a CRISC or CISSP certificate.
• Strong track record in Incident Response and Cyber Crisis Management with understanding/experience from SOC designed for Cloud security. Meritorious are experience of sourcing of external SOC and forensic analysis.
• Mature mentoring, coaching and team-organization skills to be used in the transformation towards our new security culture. Meritorious are experience from DevSecOps methods or relevant leadership training.
• Good communication and presentation skills and you could easily translate a complex technical issue or question into an easy understandable, qualitative problem description.

 We believe you have experience from

• Task force leadership from Cyber and Information Security Incidents
• Building playbooks for various attack vectors and potential incidents
• Performing forensics and utilizing forensics tools
• Malware reverse engineering
• SOC sourcing and long-term development
• Modern SIEM architecture for multi-cloud deployment (Azure, AWS or Google Cloud)
• Frameworks like MITRE ATT&CK and Cyber Kill chain etc
• Cloud Security Assessments and related frameworks (e.g., ISO 27000 series certifications, NIST 800 Series etc.

Working independently or in a team doesn’t matter since you are both self-organized and a team player. You will have great opportunities to develop within your area and you will be able to take initiatives and run projects within the Security Incident area in close cooperation with Cyber Security and Information Security professionals.

You are fluent in at least one Nordic language and in English, both speech and writing.

Resurs Bank is an online bank with offices across the Nordics. The majority of IT are located in Helsingborg and Malmö. Working remotely is normal for us but it is advantageous if you are reasonably close to a Resurs Bank office as you sometimes might need to be on site physically.

If you are not a Nordic citizen, a valid work permit to work in one of our Nordic countries is a must.

Other information

Start date: As soon as possible

Employment rate: Full time

Working hours: Office hours with flex

Remote work: Possibility to work from home some days

Any questions about the role, please contact Peter Gripner, IT Governance Manager, e-mail: [email protected]

Apply today & take part in our digital journey!

Selection and interviews take place on an ongoing basis and the position may be filled before the last application date. 

Resurs Holding (Resurs), som verkar genom dotterbolagen Resurs Bank och Solid Försäkring, är ledande inom retail finance i Norden och erbjuder betallösningar, konsumentlån och nischade försäkringsprodukter. Resurs Bank har sedan starten 1977 etablerat sig som en ledande partner för säljdrivande betal- och lojalitetslösningar för butik och e-handel och därigenom har Resurs byggt en kundbas på cirka 6 miljoner privatkunder i Norden. Resurs Bank har sedan 2001 bankoktroj och står under tillsyn av Finansinspektionen. Resurskoncernen har verksamhet i Sverige, Danmark, Norge och Finland. Vid utgången av det första kvartalet 2021 uppgick antalet anställda till 702 personer och låneboken till 31,6 miljarder SEK. Resurs är noterat på Nasdaq Stockholm.