Sensio is a Nordic leader in the health care technology sector and solves today's and tomorrow’s elderly care challenges for the benefit of residents, patients, healthcare personnel, and society. We create sensors, systems, and platforms that radically improve the quality and efficiency of health care – leading the sector to embrace technology and provide #MoreTimeForCare. Read more about Sensio here.

Sensio is on a journey from being the leading tech company in Scandinavia in the elderly care space to becoming a trusted transformation partner across Europe. This summer, we were acquired by Nordic Capital, one of Europe’s top private equity companies. Sensio has one of the leading in-house product development organizations in Norway with about 80 product people - in total we are a team of 200 colleagues. We are now looking for a dedicated CISO to take charge of our information security as we scale from the Nordics into Europe.

As our Chief Information Security Officer, you will lead Sensio’s information security strategy and operations, ensuring the confidentiality, integrity, and availability of sensitive healthcare data, IoT solutions, and software and hardware products. You will work closely with cross-functional teams to manage and secure sensitive healthcare data, safeguard our IoT infrastructure, and ensure compliance with regulations like GDPR, HIPAA, and the ISO27001 standard. Your role is crucial in ensuring that Sensio’s clients trust our ability to secure their data and protect their operations. This is a new role at Sensio, which means you will greatly impact our information security strategy and policies.

The position reports to the CTO at Sensio and is part of the CTO’s management team.

Key Responsibilities

• Information Security Strategy: Develop and implement a robust security framework that protects Sensio’s software, IoT devices, and hardware, while staying ahead of emerging threats.
• Risk Management: Identify and assess security risks across all platforms, including sensitive healthcare data, and implement risk mitigation strategies.
• Compliance & Regulatory Oversight: Ensure adherence to relevant regulations such as GDPR, HIPAA, ISO27001, and other healthcare data security standards. Lead compliance initiatives and audits.
• Security Architecture & Design: Collaborate with product and engineering teams to design secure software, IoT, and hardware solutions. Establish secure development practices and guide security architecture decisions.
• Incident Response: Lead incident response efforts for any data breaches or security incidents, including conducting post-incident analysis and implementing remediation strategies.
• Data Privacy: Oversee data privacy practices to ensure that sensitive healthcare data is protected, handling privacy policies, data retention, and encryption standards.
• Vendor & Partner Security: Assess the security of third-party vendors and partners, ensuring that they adhere to Sensio’s security standards.
• Security Operations: Manage day-to-day security operations, including threat monitoring, penetration testing, vulnerability assessments, and security audits.
• Collaboration: Work closely with the CTO and other department heads to ensure alignment between security initiatives and business objectives. Ensure the security of IoT devices and cloud infrastructure.

Qualifications

• Demonstrated experience within information security.
• Ability to lead security programs in complex environments, including experience building and leading security teams.
• In-depth understanding of cybersecurity frameworks, encryption methods, secure software development, and IoT security.
• Strong knowledge of GDPR, HIPAA, and other relevant data privacy regulations. Experience managing compliance in the healthcare sector is an advantage.
• Proven experience managing security incidents and leading incident response efforts.
• Relevant certifications such as CISSP, CISM, CISA, or equivalents are strongly preferred.
• Strong analytical skills, excellent communication, and the ability to collaborate with technical and non-technical stakeholders.
• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.

What we offer

• Meaningful work with purpose – making a difference for health care personnel, patients, and next-of-kin.
• The opportunity to be part of a Norwegian tech company with ambitions of becoming a global leader.
• Taking charge of information security in an international context.
• To be part of an innovative culture focused on collaboration and user-centric product development.
• Great opportunities for professional and personal development.
• Competitive compensation and benefits.