Information Security Officer - IAM

The opportunity

The information security team at Polestar provides various services such as risk management security assessment threat modeling and management security advisory penetration testing and oversee the security operations (SOC). Additionally security officers have a rotating oncall duty.

This position is ideally located out of Gothenburg. We believe in a hybrid model when it comes to remote and onsite work knowing that both inperson collaboration and individual time to focus are needed. What matters most is that people get the time and support to do what needs to be done. And to enjoy doing it of course.

The responsibilities

As InfoSec officer at Polestar you will focus on designing and enhancing IAM capability. Reporting to the CISO you track IAM risks collaborate with stakeholders and develop IAM policies and processes that meet regulatory and compliance standards. You conduct IAM risk assessments propose mitigation strategies and work closely with the IAM and HR teams to ensure secure identity and access posture. Additionally you develop IAMrelated incident response protocols in collaboration with the Security Operations Center (SOC) to effectively address potential security incidents.

• Oversee and govern InfoSec IAM Capability and align with InfoSec Strategy.
• Define and set standards and practices for responsible areas.
• Support Risk Management Risk Analysis and stakeholder consultations on IAM risk treatment.
• Formulate tactical goals and translate them into operational plans.
• Contribute to strategic planning and governance decisions.
• Collect aggregate and monitor InfoSec IAM risk data.
• Review and align IAM requirements for both Corporate IAM and Customerfacing IAM.
• Regular governance checks and collaboration with the IAM and HR teams are necessary to improve and align with InfoSec standards and requirements such as RBAC access reviews
• Identifying IAM shortages and driving projects in collaboration with internal stakeholders.
• IAM policy design and implementation including cloud IAM (Microsoft Entra AWS Azure GCP).
• Privileged Access Management (PAM PIM) and IGA platforms.
• Background in adopting industry standard enterprise wide IAM technologies and concepts aligning with compliance requirements.
• Proficient in explicit trust model and least privileged principals
• Extensive experience in designing RBAC ABAC PBAC
• IAM in DevOps environments lifecycle management and automation processes.
• Deep understanding authentication and authorisation protocols
• Application systems and API access management.
• Working experience in directory services access brokers DLP and SaaS based identity.
• Background in PKI certificate management trust models certificatebased protocols is a plus

The ideal candidate

We are seeking a dynamic and passionate individual with a proven track record in managing technical priorities. The ideal candidate is patient and open capable of informing motivating and training others on their subject matter. With high energy and a willingness to find innovative solutions using available tools and requirements this person will thrive in our culture of trust free thought and complete transparency.

The successful candidate will possess strong communication skills enabling them to align the organization on complex technical decisions. They are a connecting thinker always seeking the best ways of working in an integrated and efficient manner across various responsibilities. Additionally they will have the ability to generate new solutions and translate effectively between different stakeholders in digital business and Information Security.

In addition youll need the following qualifications/experience:

• University degree in relevant subject area in relation to Information Security or computer science
• More than four years of experience working in digital organizations and Information Security
• History of adapting industry standard enterprisewide security technologies and concepts to technology and business defined scopes
• Knowledge of relevant industry standards (e.g. NIST 80053 ISO 27001 ISO 27018 EN 62443)
• Good working experience in control areas of the ISO 27001:2022 and knowledge of relevant industry standards (e.g. NIST 80053 ISO 27001 ISO 27018 EN 62443 and GDPR).
• Well understanding of design of a security architecture and necessary interfaces between the different components and stakeholders
• Having certifications like CIAM CIMP CISM CISA CRISC OSCP CISSP or CCSP is a plus.

Polestar is an international company with various backgrounds represented. English therefore is the language of written and spoken communication. And though we have a global presence we maintain the growthmindset. Change happens often at Polestar. But so does progress. Expect an accelerating exciting environment.

The process

If the above matches your ambitions be sure to apply. Our selection process is ongoing and the job advert will remain open until its filled.

The Polestar journey is an electric one.