Information Security Consultant (internal specialist role) | SEB, Tallinn
SEB is not just a bank. We are a cutting-edge technology company with a large number of talented IT professionals - product owners, business developers, project managers, analysts, software developers, testers. There are more than 200 applications where all our products, business processes and channels are created and maintained by the product development team. If you join our product development and technology team you will be able to influence our business decisions and drive future solutions. Sounds like something that you would like to work with?
We are expanding SEB Baltic IT & Information Security and are looking for an Information Security Consultant within Governance, Risk and Compliance (GRC). You will help identify and manage information security risks and support compliance with regulatory and internal requirements across SEB’s Baltic organization.
Please note that this is a permanent internal role dedicated entirely to securing SEB. It is not a client-facing or external consulting position.
- Be part of an international team responsible for strengthening information security across SEB’s Baltic organization.
- Contribute to addressing an evolving cyber threat and regulatory landscape in a large financial organization.
- Play a key role in managing security risks, strengthening governance and controls, and protecting SEB’s operations and customers.
- Work in an environment that values sound judgement, constructive challenge, collaboration, and continuous improvement.
- Conducting information security risk assessments covering SEB’s information assets, business processes, technology services, and third-party providers
- Supporting and challenging business and technology teams in identifying security risks and implementing appropriate mitigation measures
- Assessing compliance with information security policies, standards, and applicable requirements, including DORA, ISO 27001, PCI DSS, and NIS2
- Supporting the maintenance and continuous improvement of the Information Security Management System (ISMS), including relevant policies, standards, procedures, and guidelines
- Supporting internal and external audits, regulatory inspections, compliance reviews, and security assurance activities.
- Tracking security risks, control deficiencies, findings, and remediation activities, and reporting them to relevant stakeholders and governance forums
- Contributing to security governance and culture through risk reporting, management metrics, Key Risk Indicators (KRIs), awareness activities, and training
- At least two years of experience in information security, cybersecurity, risk management, compliance, IT audit, or a related field
- A good understanding of information security principles, control frameworks, risk management methodologies, and industry practices
- Experience conducting security risk assessments, compliance assessments, audits, or other security assurance activities.
- The ability to identify and assess cybersecurity risks, recommend appropriate mitigation measures, and explain their business impact to senior stakeholders
- Experience working with regulatory and legal requirements
- Strong communication and collaboration skills, combined with the ability to work independently and take initiative in driving improvements
- Fluency in English and at least one Baltic language: Latvian, Lithuanian, or Estonian. English is needed in collaboration with colleagues across the Baltics and internal documentation
Experience with third-party risk management, supplier security assessments, or outsourcing governance will be considered an advantage. Relevant professional information security certifications will also be beneficial.
- Meaningful, challenging work in a highly skilled international team
- Hybrid work flexibility and a supportive, inclusive culture with modern, ergonomic workspaces
- Strong learning culture with dedicated learning time, SEB Campus, and access to global learning platforms
- Competitive benefits including health insurance, extra vacation days, profit-sharing, and pension contributions
- A wellbeing-focused environment with employee events, mental health support, and other benefits
(before tax deduction).
The final offer will depend on the experience and competencies of the selected candidate. Overall remuneration package consists of the salary together with other benefits.