CISO
Stockholm; Oslo; Copenhagen

Puzzel: The Low-Down 🔍

Puzzel is a leading provider of cloud-based contact centre solutions, empowering businesses to deliver exceptional customer service. Our platform combines omnichannel contact centre, workforce management, and AI-driven analytics to optimize customer interactions and operational efficiency. 

With 25 years’ experience since our foundation in Norway, we’re already #1 in the Nordics; growing rapidly in the UK and we are already seeing some great success in the Netherlands since opening the entity in mid-2024, but our ambition is to become the clear European market-leader in the coming years 🚀

Why we’re proud

• 2024 CX Awards Winner, ‘Best Mid-Market Contact Center Platform’

• Puzzel was recognised as the 'most innovative European-founded CCaaS provider' and top 3 globally by Frost & Sullivan in 2023

• Best Practices Company of the Year 2023

• Consistently high Glassdoor rating

• Puzzel places high importance on work-life balance and flexible working hours - as recognised by Flexa, placing 16th overall for work:life balance in 2025! 

• We are working with Mercer on salary benchmarking, to ensure pay equality and market competitiveness

• Debt refinancing through 1bn NOK senior secured bond in December 2025

   

  Read more about us here.

The role

The CISO (also acting as Data Protection Officer (DPO)) is accountable for the company’s information security, privacy governance, and security assurance, ensuring customer trust, regulatory compliance, and effective management of security and privacy risks across the organization.

This role will report to the CTO with dotted line to the CEO.

It would likely suit someone who is already a CISO with a smaller organisation or a Senior Security (& Compliance) Manager (or equivalent) for a larger company, who is looking to step up into their first CISO role.

What you'll do 💻

1/ Security governance and risk management

• Define and maintain security policies, standards, and the security risk management framework.

• Ensure security risks are identified, assessed, treated, and escalated appropriately, including risk acceptance governance.

2/ Security assurance and compliance

• Lead security assurance activities and external audits or attestations relevant to the business (for example ISO standards, SOC reports, and customer assurance requirements).

• Ensure effective control ownership, evidence practices, and audit engagement processes across the company.

3/ Privacy governance, acting as DPO

• Act as the formal Data Protection Officer where applicable.

• Oversee privacy governance, including privacy-by-design practices, DPIAs where required, DSAR governance, records of processing activities, and vendor privacy oversight.

• Work in close partnership with Legal, who acts as a core partner and reviewer for legal interpretation, contractual commitments, and regulatory notifications.

4/ Security engineering and operational security oversight

• Provide strategic direction and oversight for product and platform security practices, including secure development expectations and vulnerability management governance.

• Ensure appropriate security controls and operational security practices are maintained across relevant technology and operational domains.

5/ Incident readiness and response leadership

• Own the company’s security incident management framework, including preparedness, escalation, coordination, communications, and post-incident learning.

6/ Leadership and cross-functional collaboration

• Lead the security and compliance function and develop effective ways of working with product, engineering, operations, finance, legal, and other stakeholders.

• Communicate security and privacy posture, material risks, and priorities to executive leadership and appropriate governance forums.

Authority

The CISO has the authority to:

• Define security and privacy standards and requirements within the company.

• Esc explained? (see below)

Let’s keep authority durable but not overly procedural:

• Escalate material security and privacy risks through the defined governance path.

• Recommend and, where agreed by policy, enforce risk-based constraints on material releases or changes when critical security or privacy issues are identified.

The must haves 💪

• Delivered ISO 27001 programs (recertification experience preferred), and ideally ISO 27701 or equivalent privacy management program experience

• Delivered SOC 2 readiness and testing support with operational evidence processes

• Able to lead cross-functional control ownership 

• Credible with engineering and product teams, pragmatic SDLC security

• Demonstrated privacy governance capability and comfort acting as DPO with Legal partnership

• Strong executive communication, can brief CEO and board sponsor clearly

  Direct people management experience (team of 3 reporting to you in this role)

Nice-to-haves:

• Exposure to generative / agentic AI security and threat countermeasures.

• Worked in a SaaS organisation of ~100-500 employees.

The location

This role can be located in Stockholm, Oslo or Copenhagen, with rough expectation of 2-3 days/week in the office.

What’s In it for You? 💰

• Competitive salary based on Mercer salary benchmarking data

• Flexible, hybrid approach to working; split your time between the office and home

• You get to be part of a fun, driven and supportive team

• Annual Summer and Christmas parties

• Excellent development opportunities and a great company culture

What to expect from the interview process ❔

• Screening call with Talent Acquisition

• 1st interview with CTO

• Case presentation

• Final interview with CEO

Puzzel Values 🎯

• Built on Trust – trust is an intrinsic Nordic value, upon which Puzzel has been built. We trust each other and our customers and partners trust us.

• Stronger Together – working together in a genuinely collaborative way, with a shared purpose, we have an empowered organisation that is better equipped to delight customers and partners.

• Stay Hungry – have a continuous hunger to raise our game, innovate and be the best we can be professionally.

Diversity & Inclusion 🌍

We want everyone at Puzzel to be their true, authentic selves at work irrespective of nationality, race, ethnicity, religion, sexual orientation, gender identity, physical ability, age, or economic background.

Whilst we are proud to already have a diverse workforce from across the globe, we are aware that things could always be improved – for example, we currently have a ratio of female 26:74 male employees, which whilst not uncommon for the tech industry (average in SaaS is 26% female), it’s far from ideal. So, what are we doing to improve this?

• Our Global Leadership Team (C-suite) has shifted from 100% male at the start of 2023 to 4 men: 5 women.

• We have increased our % of female hires from 23.6% in 2021 to 38.5% in 2023 and 41% in 2024!

• We are partnering with the likes of Flexa, who have significantly higher-than-average talent pools of candidates from diverse backgrounds.

• We are working with State Employment initiatives in Norway and Sweden to bring candidates through internship/apprenticeship routes and are investigating similar initiatives in the UK and Bulgaria.

• By raising awareness and transparency, we are hoping to further attract a diverse workforce.

We are continuously striving to foster an inclusive and diverse environment, where everyone is celebrated for who they are. If there is anything we can do to support you in the interview process, or beyond, please let us know.

One Last Thing ☝🏻

Even if you feel you are only a 75% match for this role, we still want to hear from you. This list is purely indicative. Skills can always be learnt.

Please note that we are not able to provide sponsorship for this role, so you must have eligibility to work in the country you are applying for.

By applying you accept the terms of our Privacy Notice which can be found on our website. Puzzel are not considering candidates that do not have a work permit in the country we are hiring in.