ICT Risk & Security Engineer

About Klarna

Klarna was founded in Stockholm, Sweden in 2005. Since then we've changed the banking industry forever. And now we're creating the world's smoothest shopping experience. We serve over 90 million consumers worldwide, and partner with 250,000 merchants – with a new merchant joining us every 8 minutes. Including some of the world's leading brands, such as H&M, ASOS, IKEA, Adidas, Samsung and Lufthansa. Our offices are spread over 17 different markets, hosted by 4000+ employees from 100+ nationalities.

Engineering at Klarna is an inspired, customer focused community, dedicated to crafting solutions that redefine our industry. Working in small, highly collaborative Agile teams, you and your team will have a clear mission and ownership of an important outcome that supports Klarna and our customers. At Klarna we optimise for quality, flow, fast feedback, focussing on end-to-end ownership, continuous improvement, testing, monitoring and experimentation. We aim for teams that are inclusive, helpful, and have a strong sense of ownership for the things they build.

Our engineers make some of the most significant decisions for the company and we are looking for bold, open and curious developers. As a Klarnaut, you’ll be inspired to contribute to the growth of Europe’s most highly valued fintech and your work will reach millions of users.

It’s our vision to build a fully quantified ICT & Security Risk management framework that is able to identify and predict ICT and security risks. As a member of the ICT & Security Risk Management team, you will analyse the scope and impact of risk-related topics such as breaches of confidentiality, system, and data integrity failures, system dependencies, and inappropriateness or unavailability of systems and data. 

To be successful in this role you are always skeptical of any model, and you use your in-depth, first-hand ICT knowledge to check abstract models against reality. You have a knack for breaking down abstract concepts into their core properties, and you are enthusiastic about communicating them in such a way that vague notions of ICT and security risks become clear and distinct. It’s also your passionate wish to improve quantitative risk models with objective measures of risks so that it can have a maximum business impact, eg. by creating early warning systems.

What you’ll get to do

  • Contribute to systematically identifying all ICT related risks in our organisation
  • Design and write ICT security Risk training material and carry out awareness trainings
  • Define processes to identify, manage, monitor, and report ICT risks within our Risk Management framework
  • Perform ad-hoc and periodic risk assessments and define meaningful KPIs for ICT Risk management
  • Assist in aligning the ICT Risk management framework with operative Risk 
  • Help validate quantitative models and run simulations with real-world ICT data
  • Challenge existing methodologies while maintaining our high standards for compliance and governance requirements
  • Think out of the box, and help us formulate ideas to improve how we measure the effectiveness of our ICT and security risk management framework
  • Analyse whether parts that have been measured so far are meaningful from an ICT perspective
  • Design Information Security Dashboards that provide our management with an overview of the ICT Risk and security posture within the organization
  • Ensure ICT security governance is maintained in an agile environment
  • Identify the aspects of our risk management framework that do not work or align with ICT-realities, and come up with ideas for improvement. You will also identify the things that work well but are under-utilised, and optimize them

Some of the technologies you’ll get to work with

  • Monte Carlo Simulations
  • AWS/Azure Cloud Technologies
  • Microservices

To succeed in this role, we think you should have

  • At least 3 years experience in information technology, preferably in information security
  • Basic knowledge of data processing techniques (knowing how to code is a pre)
  • Experience with virtualisation/cloud infrastructures
  • Experience with SIEM/ ISMS
  • Experience with monitoring and logging tools like Splunk or similar
  • A solid understanding of Risk management frameworks and experience with Risk management process improvements
  • Knowledge of security standards such as ISO, ITIL or ISAE
  • Experience with Lean and Agile methodologies
  • Strong communication skills: you communicate clearly and can adapt your style to different target audiences
  • Strong research interest
  • Bachelor’s degree (or higher) in Computer Science or a related discipline, or an equivalent subject
  • Working proficiency in English
What we can offer you

Culture - You'll have an opportunity to work with people from 90+ different countries in our English speaking offices in Stockholm/Berlin city centre.

Learning - We have a learning and development focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks.

Compensation - You’ll receive an attractive salary, pension, and insurance plans, plus we offer all of our employees an opportunity to invest in a RSU program and own a stake of the company. You’ll also receive 30 days annual leave and since we recognise that life is about more than work, we also offer benefits for gym memberships, marathons, and all sorts of activities that promote physical health. We also have generous parental leave (for men and women).

Relocation - We can offer relocation support to Stockholm. 

We know diverse teams are strong teams, so we welcome those with alternative identities, backgrounds, and experiences. Our teams include women, men, mothers, fathers, the self-taught, the college-educated, and people from all over the world.

We also believe in making contributions back to the open source community. You can find some of our work at https://github.com/klarna.

How to apply: Please send us your CV or Linkedin profile in English

Klarna is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees and candidates. Please refrain from including your picture and age with your application.