Information Security Manager in the Baltic IT & Information Security team | SEB, Tallinn
SEB is not just a bank. We are a modern technology company with many talented IT professionals - product owners, business developers, project managers, analysts, software developers, and testers. There are more than 200 applications where our products, business processes, and channels are created and maintained by the product development team.
We are currently expanding our Baltic IT & Information Security team and looking for an experienced Information Security Manager within Governance, Risk and Compliance (GRC).
This is a senior expert role (without direct people management responsibility) where you will help strengthen cybersecurity governance, information and communication technology (ICT) risk management, and regulatory readiness across SEB Baltics.
- Be part of a Baltic IT & Information Security team responsible for strengthening cybersecurity governance, risk, and compliance across a large technology environment.
- Contribute to solving complex security, regulatory, and third-party risk challenges in a highly regulated banking context.
- Play a key role in improving SEB’s information security management system, ICT risk processes, control frameworks, and regulatory readiness.
- Work in an environment that values trust, stability, continuous improvement, responsible risk management, and clear communication between business and technology.
- Leading improvements to the Information Security Management System so it supports SEB’s growth, regulatory expectations, and the evolving cyber threat landscape.
- Designing and improving processes for identifying, assessing, treating, and reporting ICT and information security risks.
- Performing security risk assessments for business and technology initiatives, with clear recommendations for stakeholders.
- Overseeing third-party security assurance and ensuring vendors meet SEB’s security policies and requirements.
- Translating regulatory requirements, including GDPR, DORA, and NIS2, into practical controls, audit input, and incident response support.
- Developing awareness activities, stakeholder materials, dashboards, risk heatmaps, and compliance roadmaps to support informed decision-making.
- 5+ years of experience in information security, preferably within governance, risk, compliance, ICT risk, security assurance, or regulatory control frameworks.
- Experience designing, improving, or implementing security processes, controls, or governance practices across multiple stakeholders.
- Ability to lead security initiatives or complex projects from planning to implementation.
- Good understanding of ICT environments and how security, risk, and controls support business-critical services.
- Ability to translate cyber risks, regulatory requirements, and control gaps into clear business impact and practical recommendations.
- Fluency in English and at least one Baltic language, Latvian, Lithuanian, or Estonian, as the role involves collaboration with local and Baltic stakeholders and working with security, risk, regulatory, and audit documentation.
- Professional information security certifications, such as CISM, CISSP, CRISC, CISA, ISO 27001, or similar.
- Experience with GDPR, DORA, NIS2, ICT risk management, or third-party security assurance.
- Experience in banking, financial services, or another regulated industry.
- Experience creating dashboards, risk heatmaps, compliance roadmaps, or security reporting for senior stakeholders.
- Experience with security awareness, training, or risk culture initiatives.
- Meaningful, challenging work in a highly skilled international team
- Hybrid work flexibility and a supportive, inclusive culture with modern, ergonomic workspaces
- Strong learning culture with dedicated learning time, SEB Campus, and access to global learning platforms.
- Competitive benefits including health insurance, extra vacation days, profit-sharing, and pension contributions.
- A wellbeing-focused environment with employee events, mental health support, and local benefits.