Are you a solution oriented and hands on security person keen on compliance and information security? Does joining one of Europe’s most established HR tech companies backed by tier one investors sound exciting to you? Sympa is growing and looking for an Information Security Specialist to join our Engineering organisation.

STARTING DATE: AS SOON AS POSSIBLE

Sympa helps some of the largest companies in the Nordics to put people at the centre of their strategy. With 1,000 customers and a strong install base, we have a strong foundation for continued growth. Our Engineering hubs are in Vantaa (Espoo beginning of June 2025), Lahti, and Poland and you would be part of a highly talented and international team of close to 60 engineering colleagues.
We are looking for an Information Security Specialist to support our growing SaaS business in maintaining and developing our information security management systems (ISMS) and quality management (QMS). You will work closely with our external CISO-as-a-service partner and act as the internal contact on security-related topics.
This role is ideal for someone with a technical background looking to take the next step in their information security career—ready to take ownership and grow into a broader security and compliance position within a fast-growing SaaS company.

WHAT DO WE VALUE IN OUR CANDIDATES?

The person we are looking for is highly motivated, curious and able to take responsibility. You strive for continuous improvement and learning, and you make things happen. If you enjoy a fast-paced environment, are highly organized and able to manage multiple priorities, you will get far with Sympa.

Furthermore, the following skills and experience are needed to succeed:

• A technical background and relevant education (e.g. IT, software development, infrastructure or security operations)
• A few years of hands-on experience in information security or similar role
• Familiarity with ISO 27001 is required, experience with ISO 9001 is a plus
• Understanding of data protection frameworks (e.g. GDPR, NIS2) is a strong plus
• Ability to communicate clearly with technical and non-technical stakeholders both in Finnish and English, other Nordic languages being a plus
• Experience in Microsoft Azure and software development is a plus

• Maintain and develop our ISMS and security framework
• Manage our security tools such as security awareness, third party risk management
• Ensuring compliance and security
• Ensure data systems comply with relevant regulations and security standards
• Develop measures to protect data privacy and ensure the security of data pipelines and analytics infrastructure
• Conduct regular vulnerability/security assessments
• Monitor security systems and respond promptly to security incidents
• Drive our ISO 27001 and support future certification processes both in ISO 27001 and ISO 9001
• Collaborate with cross-functional teams, especially within sales, IT, engineering, HR and other business units as needed to mitigate security risks and drive compliance
• Support sales and legal in responding to customer RFP’s and security related contractual topics. Continuously update and deepen your knowledge of security related topics and understanding of Sympa’s business to fluently respond to RFP’s
• Act as an internal security poc in coordination with CISOaaS
• Support general quality-related work, including ISO 9001 practices, risk management and internal audits
• Contribute to data protection and privacy compliance (DPO-related support)
• Promote internal awareness and best practices across the organisation and provide training and guidance to employees on information security