Inriver

Chief Information Security Officer (CISO)

Inriver  •  Malmö, SE (Remote)  •  6 days ago

Job Description

At Inriver, we help brands deliver better product experiences - everywhere their customers are. From the first product detail to the final purchase decision, we make product information work smarter. When our platform is secure, our teams ship with confidence and it enhances customer trust. More than 1,600 global brands trust their product data with us.

Now we’re looking for a hands-on, technical Chief Information Security Officer (CISO) to take over from our outgoing CISO and lead the next chapter of our Enterprise Security, Product Security, Privacy, and Compliance function.

About the role

As our next CISO, you’ll own the following areas end-to-end at Inriver - Enterprise Security, Product Security, Privacy, and Compliance - covering strategy, operations and the hands-on work. You’ll work from our HQ office in Malmö, supporting our remote locations in Stockholm, Amsterdam, Davao and Manila.

This is a high-impact role reporting to the CFO, working in close collaboration with the wider leadership team, Legal and HR. You will get a genuinely hands-on mandate to modernize and strengthen Enterprise Security, Product Security, Privacy, and Compliance. For the right candidate, and depending on background and experience, there is potential for the broader IT function to also become part of this leadership scope.

Why you’ll love this role 💙

Own Enterprise Security, Product Security, Privacy, and Compliance - end-to-end across a global, PE-backed mid-size SaaS company

Run a modern Microsoft Azure security stack and a real product-security program embedded in our SaaS SDLC

Maintain compliance with SOC2, ISO 27001, ISO 27701, GDPR, NIS2, the EU Data Act and the EU AI Act

Lead a small, sharp team

Work closely with the CFO & leadership team

What you’ll do

Be the security partner to Engineering. Embed secure SDLC, threat modelling and SAST/SCA/DAST in our pipelines, and triage, identify mitigations, and prioritize security fixes for developers. Lead vulnerability management and analyse or test exploitability.

Plan, oversee and execute penetration testing for our product (internal and third-party), covering web application, API and cloud testing. You’ll personally run hands-on internal tests to find and validate exploitable issues, and manage third-party pen-testers for broader-scope and specialised engagements.

Own the security posture of our Azure environment and harden our infrastructure (Entra ID, Defender for Cloud, Sentinel, Conditional Access, PIM, Key Vault, Purview, Azure RBAC, etc.), and lead our Cloud Security Engineer to ensure that our product runs on secure Azure architecture.

Own enterprise risk, third-party risk, BCP/DR, and the security awareness program (including executing phishing tests)

Own the SOC. Triage, investigate and respond to alerts from our MSSP/MDR/SOC and Microsoft Defender - including out-of-hours when it matters. Be the on-call escalation point for security incidents 24/7 and lead containment, recovery and post-incident learning.

Own security incident response. From the first alert to the post-mortem - triage, containment, eradication, recovery, and the lessons-learned that stop it happening twice.

Run our compliance program end-to-end across ISO 27001, ISO 27701, SOC2 Type 2, GDPR, and any other EU-relevant frameworks such as NIS2, the EU Data Act and the EU AI Act. Take ISO and SOC2 audits to the finish line, hands-on in our GRC tool, including writing and managing policies.

Run third-party / vendor risk management, in close collaboration with Legal. This includes due diligence, contractual safeguards, ongoing monitoring and offboarding.

Customer trust & commercial enablement: Represent Inriver externally on security, privacy and compliance topics in customer and prospect engagements. Partner with Sales, Legal and Customer Success on RFPs, security reviews, contractual discussions and enterprise due diligence processes. Help customers and prospects understand and trust Inriver’s security posture, and ensure our Trust Center accurately reflects our controls, certifications and practices

Risk Management: responsible for the risk management program at Inriver, and escalating risks to the CFO and executive team as needed.

Budget Management: responsible for the Security and Compliance budgets.

What you’ll bring

We don’t expect you to tick every single box, but for this role we do need most of the following:

✔️ 5+ years in information security or software engineering or similar, with at least 2 years in a senior leadership role (CISO, Head of Security or equivalent) in a mid-size SaaS / cloud / product company.

✔️ You’re not purely a governance leader. Demonstrated hands-on technical depth - you’ve personally run incident response, reviewed code and IaC, and exploited or triaged real vulnerabilities.

✔️ Strong IT management experience across Microsoft services (e.g. Entra ID, Intune/MDM, M365), SaaS administration, identity lifecycle, procurement and IT cost management — ideally with the ability to operate across both Security and broader IT functions.

✔️ Track record of leading 24/7 SOC operations, or working very closely with an MSSP/SOC, including responding to alerts out-of-hours.

✔️ Deep, current knowledge of Microsoft Azure infrastructure and Azure security

✔️ Proven ownership of an ISO 27001, ISO 27701, SOC 2 Type II program end-to-end.

✔️ Strong, current knowledge of GDPR, NIS2, the EU Data Act and the EU AI Act.

✔️ Software engineering or platform/DevOps background - you can read and ideally write code (e.g. Python, C#) and engage with engineers as a peer.

✔️ Hands-on experience with a GRC platform, ideally Drata

✔️ Strong application security background: secure SDLC, SAST/SCA/DAST, threat modelling, vulnerability management, exploitability analysis and pen-testing.

✔️ Experience leading and developing small, technical teams within a constrained budget

✔️ Excellent written and spoken business English

✔️ Must be eligible to work in the EU. Based in Malmö, or within commuting distance to our Malmö office, so you can be on-site on a hybrid basis.

Nice to have

✔️ Exposure to generative and agentic AI security

✔️ Experience working in a mid-size SaaS organization

✔️ Experience operating across multiple geographies, including the US and The Philippines

✔️ Active membership in the security community

✔️ Recognised certifications such as CISSP, CISM, etc.

Why Inriver

Here you’ll get:

A supportive team culture with space to learn, lead and grow

A workplace where your voice matters and your work makes a real difference to a global SaaS business

We’re serious about building a strong, secure business - and we also care about enjoying the ride.

In our Malmö office, you’ll find things like:

Tuesday Fika ☕

Friday breakfasts to start the day together

A running club and social activities for anyone who wants to join 🏃‍♀️

A welcoming mix of focused work, collaboration and a few laughs along the way

We work in a hybrid setup, with flexibility and trust as a baseline.

Ready to apply? 📬

We’d love to hear from you. If you’re curious but not 100% sure, we still encourage you to apply. We’re happy to explore the fit together!

About Inriver

Inriver is the Product Information Management (PIM) solution that empowers brands, manufacturers, and retailers to take control of the product data current and turn complexity into a competitive advantage.

Its AI-powered, scalable platform connects seamlessly to upstream systems and downstream channels, enabling continuous optimization of product experiences across every touchpoint.

Trusted by more than 1,600 global brands, Inriver accelerates time-to-market, enhances customer experience, and fuels profitable growth. For more information, visit www.inriver.com and follow us on LinkedIn.

Industry: IT & Software
Company Size: 201-500 employees
Headquarters: Malmö, SE
Year Founded: 2007