Head of IT & Information Security - Evitec Solutions
Inspiring innovations in finance. We modernise our customers’ business by combining technology with human insight.
Are you ready to safeguard our most valuable trust asset? We are looking for an experienced Head of Information Security to lead our IT & security governance, manage our ISMS framework, and ensure the resilience of our IT landscape.
At Evitec, we operate in a highly regulated environment with demanding customer expectations and continuous external scrutiny. Our ISO/IEC 27001–certified Information Security Management System (ISMS) is a core trust asset and must be continuously improved, audit-ready, and embedded in everyday work.
As the Head of Information Security, you will be the primary owner of the company’s security governance. You will play a pivotal role in ensuring that our policies, processes, risk management, incident readiness, and third-party security are not only consistently implemented across the organization but also transparently demonstrable to our stakeholders and auditors alike.
What you’ll do
As the Head of Information Security, your responsibilities will span across strategic and operational security management. Your core areas of focus will include:
Own & evolve the ISMS (ISO 27001) end-to-end: Act as the ISMS owner reporting to top management/Steering Group, maintain governance artifacts (roles, annual schedule or "year clock", risk processes, internal audits), and lead external surveillance audits.
Run security risk management: Ensure continuous, evidenced risk assessment/treatment linked to management review KPIs, and keep baseline policies (access control, password, SDLC, etc.) current and usable.
Own incident management: Maintain corporate processes and major incident instructions, ensuring authority reporting readiness even as national tools evolve.
Govern vulnerability management: Define the policy and coordinate with product/delivery teams on urgent library and supply-chain responses.
Govern Business Continuity (BCP): Maintain corporate BCP principles and governance, ensuring testing expectations and improvements are tracked and closed.
Lead customer & supplier security management: Act as a high-trust interface handling customer annexes, audits, supplier questionnaires, and counterpart contact requirements.
Drive security awareness: Execute training activities, follow up on mandatory courses, and publish pragmatic staff guidance on data handling and controls.
Support strategic initiatives & executive reporting: Provide board-ready materials on security posture and support strategic identity/access governance initiatives.
Support IT implementation: Establish company-wide security configuration baselines and ensure security-impacting decisions align with policies.
Key interfaces
You will partner closely with the IT teams (who retain operational ownership), Legal (for contracts, regulatory mapping, and authority reporting), and Services / Products / Engineering to embed security into products and to coordinate vulnerability and incident responses.
What we’re looking for
To thrive in this role, you should have the following qualifications:
Must-have:
Proven ownership of an ISMS and ISO/IEC 27001 audits (surveillance + continuous improvement).
Strong ability to write and operationalize policies and processes (incident management, vulnerability management, information classification, SDLC governance, etc.).
Ability to follow changes in applicable regulation, translate them clearly to both business and technical stakeholders, and adapt them into ISMS controls.
Experience in customer-facing security assurance and supplier security management (annex Q&As, questionnaires, security forums, SLAs).
Excellent communication skills: You are comfortable working across executives, engineers, delivery teams, and external auditors; you can easily turn “security speak” into practical action.
Fluency in both Finnish and English is required to succeed in this role.
Nice-to-have:
Familiarity with modern cloud/service delivery environments and security governance expectations for critical customers (continuity, resilience, evidence).
Experience shaping AI/tool governance constraints for secure adoption (approval processes, developer guidance).
Ability to triage and investigate SOC-generated alerts and drive timely remediation of detections.
Why join Evitec?
At Evitec, you will have a genuine opportunity to shape our security culture and safeguard a digital environment built on trust. We offer a collaborative, expert-driven yet relaxed working community. You will enjoy flexible working arrangements, modern tools, and a comprehensive benefits package designed to support your well-being and professional growth.
Additional information
In this role, you will report directly to our CFO. For the right candidate, there is also an opportunity to expand your scope and take on broader responsibilities encompassing not only Information Security but our overall IT operations as well.
Your primary location will be at our headquarters in Espoo, and we offer a flexible hybrid work model to support your work-life balance.
Nawia IT & Tech will support Evitec in this recruitment.
For more information about the position, please contact:
Tiia-Liina Aavisto, Head of Business & Partner, IT Recruitment,
0408653463
&
Janne Kuikka
0504937958
Please submit your application, CV, and salary expectation through our recruitment system. The application deadline is 7 June 2025.
Please note that to ensure secure and compliant data handling, we do not accept applications via email.
Locations: Espoo