Junior Information Security Officer

The Security team is Trustly's first line of defence. We do the hands-on security work - running risk assessments, reviewing vendors, maintaining policies and procedures, driving business continuity and disaster recovery, and making sure security is embedded in how Trustly builds and operates its products. We work closely with engineering, legal, finance, risk & compliance, HR and senior leadership, and partner with the second line for governance and oversight.

We are looking for a Junior Information Security Officer to join the Information Security team, reporting to the Director of Security in Stockholm. The role sits in the first line of defence, meaning you will be hands-on with security work - executing risk assessments, vendor reviews and compliance activities rather than overseeing them from a distance.

This is a great role for someone early in their security career who wants to build broad experience across governance, risk management, compliance and operations in a regulated payments environment. You will support the team across its full scope of work, learn fast, contribute from day one, and grow into increasing independence over time.

• →

  Support the development and maintenance of Trustly's information security framework (ISMS), including drafting and updating instructions and routines

• →

  Conduct information security risk assessments and help maintain the risk register

• →

  Perform security assessments of third-party vendors and partners as part of onboarding and ongoing oversight

• →

  Support business continuity, disaster recovery and crisis management activities, including planning and testing

• →

  Assist in maintaining security controls across areas such as access management, internal fraud prevention, monitoring and segregation of duties

• →

  Support compliance activities, including preparation for audits and certifications

• →

  Respond to customer due diligence requests and security questionnaires

• →

  Contribute to security awareness initiatives, training materials and internal communications

• →

  Help track incidents, audit findings and remediation activities to ensure timely resolution

• 1 - 3 years of experience in information security, IT risk, compliance or a related field; Internship or graduate experience counts

• Foundational understanding of information security principles and familiarity with frameworks such as ISO/IEC 27001 or NIST CSF

• Strong written and verbal communication skills in English - you can write clearly and explain security concepts to a non-technical audience

• Analytical and structured in your approach to work, with attention to detail

• Curious and eager to learn - you want to understand how regulations, risk and technology connect in practice

• Comfortable working across teams and asking good questions

• Working towards or holding a relevant certification (CISM, ISO 27001 Lead Implementer, CISA, CISSP or similar) is a plus but not required

• Fluent in English, written and spoken; Swedish is a bonus but not a requirement