Director of Information Security (Group)

[Remote, hybrid Stockholm, Sweden or hybrid Hamburg, Germany]

We are seeking a Director of Information Security (Group) to establish, build, and lead Aonic’s group-wide information security function. This is a foundational leadership role with overall accountability for information security strategy, execution, and maturity across all subsidiaries.

The role is designed as an independent security function with direct access to executive leadership. You will report to the Group CEO/Group General Counsel and work in close partnership with the CTOs of Aonic’s operating companies, the Group Data Privacy Counsel, and senior engineering leadership.

As this is a newly created role, you will build and operate Aonic’s security function from the ground up, operating hands-on in an environment without an existing security team. You will combine strategic leadership with deep execution and independent, second-line security oversight while personally driving critical initiatives.

• Define security strategy, policies, standards, risk management practices, and oversight. Challenge decisions where necessary, assess risk objectively, and ensure consistent implementation across the group, including, for example:
  
  
  
  • Build and own incident response policies and procedures.
  
  
  • Establish and oversee vendor and third-party security risk management.
  
  
  • Develop security policies and lead internal and external audits aligned with frameworks such as ISO 27001 and NIST as well as independent reviews.
  
  
  • Provide oversight of secure cloud and application architecture in collaboration with engineering teams.
  
  
  • Drive security awareness and training across the organization.
  
  
  
  


• Regularly brief executive leadership and the board (or relevant board committees) on:
  
  
  
  • Security posture and maturity.
  
  
  • Key risks and threat landscape.
  
  
  • Significant incidents and response outcomes.
  
  
  • Progress against strategic security objectives.
  
  
  • Provide clear, concise, and actionable insights to support informed decision-making at the highest level.
  
  
  
  


• Escalate material security risks and incidents independently and without delay when required.

• Degree in Information Security, Computer Science, Engineering, or a related field — or equivalent practical experience.


• Approx. 7+ years of progressive experience in information or cyber security roles, including ownership of security programs, preferably from high-growth technology companies or complex group structures.


• Strong knowledge of security frameworks and standards (e.g. ISO 27001, NIST). Security certifications such as CISSP, CISM, or equivalent are considered an advantage.


• Hands-on experience securing cloud-based, app-first, data-intensive platforms.


• Strong experience leading and managing security incidents in complex, technology-driven environments, including coordination across engineering, legal, and executive stakeholders.


• Proven ability to operate autonomously, prioritize effectively, and deliver outcomes in environments with limited structure.


• Experience building or scaling a security function from an early or intermediate maturity stage is a bonus.


• Experience working with US and/or European regulatory and security expectations is preferred.


• Excellent communication skills across relevant stakeholders.

• Highly structured, analytical, and organized, capable of managing multiple concurrent initiatives.


• Strongly hands-on and execution-oriented, comfortable diving deep while maintaining strategic oversight.


• Pragmatic, collaborative, and focused on building durable, scalable security foundations.


• Comfortable operating in a fast-paced, evolving environment where processes and governance are still being built.


• High integrity and sound judgment when handling confidential and sensitive matters.


• Self-driven, resilient, and motivated to build something meaningful from scratch.

• A rare opportunity to build and own a group-wide information security function from the ground up.


• Direct exposure to executive leadership and meaningful influence on company-wide decisions.


• A collaborative, international technology environment with real scale and complexity.


• Competitive compensation and benefits aligned with senior leadership responsibility.