Head of Compliance & IT Security, Cloud Protection for Salesforce
About this role
We are now looking for a Manager, Compliance & IT Security to lead and strengthen our internal security governance for Cloud Protection for Salesforce (CPSF) - a fast-growing cybersecurity SaaS business within WithSecure™.
We are seeking a highly skilled and proactive profile to strengthen our security posture, ensure adherence to regulatory requirements, and lead the continuous development of our security governance framework.
Your primary focus will be the building of a dedicated ISO/IEC 27001 Security Management System framework for the CPSF business (followed by continuous development, operation, and improvement afterwards), as well as the preparation and coordination of ISAE 3000 Type I/Type II assurance engagements. In addition, NIS2 compliance will be part of your attributions.
This role combines hands-on expertise with strategic oversight: you will own key security processes, guide the business in adopting best-practice controls, and manage compliance activities across the organization.
Responsibilities
- Information Security Management (ISO 27001)
- Build, own and maintain the Information Security Management System (ISMS) for CPSF in alignment with ISO/IEC 27001 requirements.
- Lead the yearly ISO 27001 cycle: risk assessments, internal audits, management reviews, and continuous improvement actions.
- Maintain, author, and update security policies, standards, and procedures.
- Coordinate with control owners across the business to ensure compliance and operational effectiveness
- ISAE 3000 Assurance & External Validations
- Coordinate the full lifecycle of ISAE 3000 (Type I & Type II) assurance engagements, including preparation, evidence collection, auditor interaction, and remediation.
- Ensure internal controls are clearly defined, consistently implemented, and accurately documented for audit readiness.
- Act as the main point of contact for external auditors and customers regarding security assurance matters.
- Security Compliance, Risk Manag