Chief Information Security Officer, CISO

Meet Sievo!

We are Sievo – a fast-growing software-as-a-service (B2B SaaS) company from Finland. Our unique superpower is called procurement analytics. We are the global leaders in our space and help our customers understand their own procurement data, make data-driven decisions, reduce emissions, drive supply chain resilience, and beyond! Currently, 2% of global GDP is processed by Sievo every year – pretty cool, right?

We serve the world’s largest companies such as Kellogg's, Levi's, and Deutsche Telekom. Our over 400 Sievonians are based in Helsinki, Chicago, and Bucharest.

At the core of our success are talented and passionate people. Sievo prides itself in creating a collaborative, welcoming, and enriching environment. We put people first, celebrate diversity, and drive innovation.

Now, we are looking to strengthen our team with a Chief Information Security Officer (CISO) to lead our information security strategy and ensure compliance across our global operations.

What will you do as Chief Information Security Officer (CISO)?

• Develop and implement a comprehensive information security and data governance strategy that aligns with Sievo’s business objectives and meets customer expectations.

• Lead Sievo’s information security program, including the development, implementation, and enforcement of security policies, standards, and procedures.

• Oversee and manage Sievo’s compliance with relevant security frameworks and regulations (e.g., ISO 27001, SOC 2 / ISAE3000, GDPR, ESG), and lead certification and audit processes.

• Act as the primary point of contact for customers and partners on all information security matters, including responding to security questionnaires and participating in contract negotiations.

• Act as a trusted advisor to Sievo’s business teams, providing practical, solution-oriented guidance on a broad range of security, risk, and compliance matters.

• Identify, assess, and mitigate information security risks across Sievo’s global operations, and maintain the company’s risk register.

• Drive security awareness and training programs across the organization to foster a strong security culture.

• Collaborate closely with the Engineering team to ensure security requirements are integrated into the software development lifecycle,

Our expectations for you

We are looking for an experienced information security professional with a proactive and business-oriented mindset. Ideally, you cover all these requirements — however, we are also open to candidates who have strong experience in some areas and are eager and motivated to learn the others:

• Master’s degree in a relevant field (e.g., Information Security, Computer Science, Law) or equivalent practical experience.

• 5+ years of relevant experience in an information security leadership role, preferably within a technology company or a B2B SaaS environment.

• Deep expertise in information security governance, risk management, and compliance (GRC), with hands-on experience with frameworks like ISO 27001, SOC 2, and GDPR.

• Experience in customer-facing roles, including negotiating security terms in commercial agreements and responding to security assessments.

• Excellent command of English (our company language); proficiency in other languages is a plus.

• Strong analytical and problem-solving skills, with the ability to balance security risks and business objectives.

• Proactive, self-motivated, and able to take initiative in not just identifying security and compliance issues, but also helping solve them in a practical manner.

• Adaptability and willingness to work in a dynamic, fast-paced, and evolving environment while managing multiple projects and deadlines simultaneously.

• Strong interpersonal skills and the ability to build relationships and collaborate across teams and cultures.

• Ability to communicate complex security concepts clearly and concisely to both technical and non-technical stakeholders.

We consider it an advantage if you have:

• Experience working in a B2B SaaS, technology, or data-driven business in an international setting.

• Familiarity with security aspects of AI, data analytics, and data utilization.

• Knowledge of other areas of compliance, such as corporate or employment law.

We promise you:

• A hybrid work environment with a great relaxed place to work in Afi Park 1, Bucharest

• Open and honest company culture that encourages you to grow and exceed.

• Possibility to work in an international setting with world-class clients and great colleagues from diverse backgrounds

• An independent role with real influence to contribute to the company’s future growth, working closely with business teams and other key stakeholders.

• Diverse and meaningful work with a broad range of security and compliance matters, closely connected with the business.

• Work alongside talented, passionate colleagues who value open communication, knowledge sharing, and teamwork.

• Freedom to take ownership of your projects and drive initiatives forward, balanced with the support you need to succeed.

• Engage with colleagues and clients from around the world, and gain experience in cross-border security and compliance matters.

• Awesome perks such as private medical subscription, flexible benefits package, Sievo Equity Program, referral bonus, extra 5 days of vacation, and many more!

This is a full-time position. The role is hybrid, and the candidate is expected to be based in Bucharest.

How to apply

We would love to hear from you next!

If we have sparked your interest, don’t hesitate to send your CV and application through our recruitment system already today. Please however submit your application by 8.12 at the latest.

For more information on the role or Sievo in general, you can reach out to Tuomo Vierros, Chief Information Security Officer at tuomo.vierros@sievo.com.

To learn more about the company and product, visit sievo.com.

At Sievo, we celebrate and support differences and strive to create a culture where everyone feels valued and included. As an Equal Opportunity Employer, we do not discriminate against any individual in hiring or employment based on gender, gender identity or expression, age, ethnic or national origin, nationality, language, religion or belief, opinion, disability, state of health, sexual orientation, or other personal reasons.