F-Secure delivers research-led cyber security to defend organizations, society and people from real-world attacks and build resilience into their approach. Our people are a mix of technical and creative experts – diverse, talented, and passionate people – working tirelessly to help us advance the industry with new ways of thinking. They lead their own development, in and out of the office. They call the shots when it comes to building a place to call home in our organization.
As our Information Security Manager (B2B), you will work closely with our business leadership and security team with a mission to ensure that the company continues to stay secure and is able to evidence its good security posture in a manner that satisfies our internal standards and external expectations. We already have a dozen sites across four continents certified with ISO 27001, with everyone involved consistently finding the experience positive and the results helpful to their cause. We are also taking our first steps to have selected operations covered by ISAE 3000 (SOC 2) assurance reporting.
You will join our multidisciplinary internal team of seasoned security professionals and get the privilege to serve the whole global F-Secure family of companies.
Your primary business stakeholders are our external business units serving clients from enterprise down to SMBs. Combined, they cover a diverse offering ranging from security consultancy to managed security services and software solutions. A large part of the job will be to help the sales teams and account managers negotiate security terms with customers and to help delivery teams meet their clients' expectations. Customers are increasingly interested in quantifying and managing risks in their cyber security supply chain, which puts an extra burden on the product owners and the security team to respond to external requests.
Our ISMS operates on lean principles and integrates deeply with our risk process and security incident management, security improvement tracking, and IT change management workflows. This enables us to identify and manage cyber security risks effectively and to produce evidence of our security posture. We regularly subject our operations and business assets to audits, in which you will participate as an auditor, host or subject matter specialist.
The constant grind of security anomaly investigations, penetration tests and other kinds of technical security assessments provides us with additional visibility into what works and what does not, and you will participate in evaluating the overall effectiveness of our defences with the wider team. We constantly engage in dialogue with our stakeholders over how to improve security across the board and expect you to be familiar with coaching methodology to achieve satisfactory goals.
What are we looking for?
You have first-hand experience in security management systems, risk management and security assurance. Familiarity with ISO 27001 audit practices, cyber security risk assessments and ISAE 3000 (think "SOC 2") security assurance testing will be appreciated. NIST Cyber Security Framework and MITRE ATT&CK are not mere theory to you.
We are a cyber security company, so we expect a solid understanding of information security basics and the "laws of physics" behind cyber security technologies. We'd appreciate it if you could demonstrate this for us.
Familiarity with F-Secure B2B products and services and business strategy is a must in order to succeed in this role, but we acknowledge that this aspect requires constant studying to keep up-to-date.
What will you get from us?
If you have ever wondered what good looks like from a security management systems point of view, look no further. If you want each working day to involve an exchange of ideas, professional sparring and the pleasure of finding things out, this is your chance to join the winning team!