Information Security Lead

On behalf of one of our clients, we are looking for Information Security Lead
Pnr: 6001001

Job Description:

• Own and drive ISO 27001 and SOC 2 compliance activities end-to-end: gap assessments, control implementation, evidence collection, and audit readiness
• Maintain the Information Security Management System (ISMS): policies, risk register, treatment plans, and control documentation
• Lead internal audits and management reviews; prepare the team and evidence base for external certification and surveillance audits
• Serve as the primary point of contact for external auditors and certification bodies: managing scope, scheduling, walkthroughs, and findings responses
• Coordinate with developers, DevOps, and product teams to ensure security controls are implemented and verifiable in the Azure-hosted SaaS environment
• Triage and track SAST/DAST findings and vulnerability reports; drive remediation to closure with the engineering team
• Monitor and respond to security incidents; maintain and test incident response procedures
• Conduct regular risk assessments and translate findings into concrete, actionable remediation work
• Keep security policies and procedures current and aligned with evolving standards and business needs
• Provide practical security guidance to developers and other team members: security by education, not just enforcement
• Track relevant regulatory and compliance changes (ISO, SOC 2, GDPR where applicable) and assess their impact on the team

Qualifications:

• 5+ years of hands-on experience in information security, with direct ownership of ISO 27001 programs through full audit cycles
• Proven track record of leading compliance
• Strong understanding of cloud security in Azure (IAM, networking, logging, encryption, security tooling)
• Familiar with SAST/DAST tooling and the software development lifecycle in agile teams
• Able to translate compliance requirements into practical engineering tasks and work directly with developers to get them done
• Strong written and verbal communicator, comfortable producing audit-ready documentation and presenting to auditors, management, and customers

• Relevant certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent

  Nice to have:

• Experience securing SaaS products across web and mobile (iOS/Android)
• Familiarity with GDPR compliance requirements in a European operating context
• Experience with Azure security tooling: Defender for Cloud, Sentinel, or equivalent
  

Applications will be evaluated continuously

Language:

• English
• Norwegian

In Head Energy you get:

• Permanent- or project employment with the best conditions.
• Access to the industry's most exciting job opportunities
• Personal follow-up, mentoring and career guidance
• A large variety of project opportunities
• Good pension- and insurance schemes
• A pleasant and positive work environment
• Access to both specific and general courses.

Video: Solutions that brings you one step ahead
#LI-MØ1

Job alert subscription - Register to receive e-mails regarding job opportunities.

Head Energy's application process is simple and straight forward. Upon registering your CV or LinkedIn-profile, you are able to apply to jobs by the push of a button. Keeping your profile up to date will increase our ability to match your competence and upcoming jobs.

Head Energy is an independent Scandinavian engineering & consulting house providing a wide range of products to onshore and offshore industries. We work with reputed clients in Energy, Civil Construction & Infrastructure, and Industry.
Head Energy has more than 900 employees, and offices in Bergen, Stavanger, Oslo, Trondheim, Gothenburg, Stenungsund, Esbjerg, Odense, and Hamburg. We are employee owned, client focused and growth oriented.
We live by our core values: Responsible | Honest | Inclusive | Innovative.
Our vision is to bring our employees and clients one step ahead.