On behalf of our customer, we are looking for an Information Security Lead
Role: Hands-on information security lead responsible for driving and maintaining ISO 27001 compliance across the team's SaaS products hosted on Azure. You'll own the day-to-day execution of security controls, lead internal and external audit engagements, coordinate across developers, DevOps, product, and management, and ensure compliance activities are embedded in how the team actually works, not treated as a separate audit exercise.
Responsibilities
• Own and drive ISO 27001 and SOC 2 compliance activities end-to-end: gap assessments, control implementation, evidence collection, and audit readiness
• Maintain the Information Security Management System (ISMS): policies, risk register, treatment plans, and control documentation
• Lead internal audits and management reviews; prepare the team and evidence base for external certification and surveillance audits
• Serve as the primary point of contact for external auditors and certification bodies: managing scope, scheduling, walkthroughs, and findings responses
• Coordinate with developers, DevOps, and product teams to ensure security controls are implemented and verifiable in the Azure-hosted SaaS environment
• Triage and track SAST/DAST findings and vulnerability reports; drive remediation to closure with the engineering team
• Monitor and respond to security incidents; maintain and test incident response procedures
• Conduct regular risk assessments and translate findings into concrete, actionable remediation work
• Keep security policies and procedures current and aligned with evolving standards and business needs
• Provide practical security guidance to developers and other team members: security by education, not just enforcement
• Track relevant regulatory and compliance changes (ISO, SOC 2, GDPR where applicable) and assess their impact on the team
Qualifications
• 5+ years of hands-on experience in information security, with direct ownership of ISO 27001 programs through full audit cycles
• Proven track record of leading compliance
• Strong understanding of cloud security in Azure (IAM, networking, logging, encryption, security tooling)
• Familiar with SAST/DAST tooling and the software development lifecycle in agile teams
• Able to translate compliance requirements into practical engineering tasks and work directly with developers to get them done
• Strong written and verbal communicator, comfortable producing audit-ready documentation and presenting to auditors, management, and customers
Nice to have
• Relevant certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent
• Experience securing SaaS products across web and mobile (iOS/Android)
• Familiarity with GDPR compliance requirements in a European operating context
• Experience with Azure security tooling: Defender for Cloud, Sentinel, or equivalent
Work location: Kristiansand, Stavanger, Lysaker, Remote work in Norway is an option.
Start date: ASAP
Initial Contract duration: 31st Dec. 2026
For more information about the position, please contact:
Emily Zhang | Team lead| NES Advantage Solutions AS | Emily.zhang@nesadvantage.com
If you find this opportunity appealing, please submit your application via our website as we will not process applications received via email. Applications will be evaluated on an ongoing basis.
With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.
Role: Hands-on information security lead responsible for driving and maintaining ISO 27001 compliance across the team's SaaS products hosted on Azure. You'll own the day-to-day execution of security controls, lead internal and external audit engagements, coordinate across developers, DevOps, product, and management, and ensure compliance activities are embedded in how the team actually works, not treated as a separate audit exercise.
Responsibilities
• Own and drive ISO 27001 and SOC 2 compliance activities end-to-end: gap assessments, control implementation, evidence collection, and audit readiness
• Maintain the Information Security Management System (ISMS): policies, risk register, treatment plans, and control documentation
• Lead internal audits and management reviews; prepare the team and evidence base for external certification and surveillance audits
• Serve as the primary point of contact for external auditors and certification bodies: managing scope, scheduling, walkthroughs, and findings responses
• Coordinate with developers, DevOps, and product teams to ensure security controls are implemented and verifiable in the Azure-hosted SaaS environment
• Triage and track SAST/DAST findings and vulnerability reports; drive remediation to closure with the engineering team
• Monitor and respond to security incidents; maintain and test incident response procedures
• Conduct regular risk assessments and translate findings into concrete, actionable remediation work
• Keep security policies and procedures current and aligned with evolving standards and business needs
• Provide practical security guidance to developers and other team members: security by education, not just enforcement
• Track relevant regulatory and compliance changes (ISO, SOC 2, GDPR where applicable) and assess their impact on the team
Qualifications
• 5+ years of hands-on experience in information security, with direct ownership of ISO 27001 programs through full audit cycles
• Proven track record of leading compliance
• Strong understanding of cloud security in Azure (IAM, networking, logging, encryption, security tooling)
• Familiar with SAST/DAST tooling and the software development lifecycle in agile teams
• Able to translate compliance requirements into practical engineering tasks and work directly with developers to get them done
• Strong written and verbal communicator, comfortable producing audit-ready documentation and presenting to auditors, management, and customers
Nice to have
• Relevant certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent
• Experience securing SaaS products across web and mobile (iOS/Android)
• Familiarity with GDPR compliance requirements in a European operating context
• Experience with Azure security tooling: Defender for Cloud, Sentinel, or equivalent
Work location: Kristiansand, Stavanger, Lysaker, Remote work in Norway is an option.
Start date: ASAP
Initial Contract duration: 31st Dec. 2026
For more information about the position, please contact:
Emily Zhang | Team lead| NES Advantage Solutions AS | Emily.zhang@nesadvantage.com
If you find this opportunity appealing, please submit your application via our website as we will not process applications received via email. Applications will be evaluated on an ongoing basis.
With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.