Security Compliance Manager

🚀 Shape the Security Foundation of a Growing SaaS Company

At Vince, we build SaaS solutions that help our customers get maximum value from their ERP systems. Founded in 2010 by former consultants with a shared ambition to make ERP much better, we now work with more than 200 customers and continue to scale our own platform, Vince Live.

As we grow, security and trust are critical. That’s why we’re now looking for an experienced Security & Compliance Lead to take end-to-end ownership of our security and compliance program and help us scale responsibly.

This role is based in our Oslo office with a hybrid work policy and reports directly to the CPTO.

🔐 What you’ll do

In this role, you’ll own and drive security and compliance across Vince — combining strategic ownership with pragmatic, hands-on execution.

You will:

• Own and run our security & compliance program, including policies, risk management, controls, evidence, and continuous improvement
• Lead our ISO 27001 journey: scope, ISMS setup, Statement of Applicability, internal audits, management reviews, and corrective actions
• Act as the primary point of contact for customer security reviews, questionnaires, and due diligence — and build a scalable Security Kit for Sales
• Own identity and access governance across AWS, Microsoft 365 / SSO, and developer platforms (least privilege, access reviews, break-glass procedures)
• Establish and coordinate incident response processes
• Define security requirements for cloud and platform controls (logging, audit trails, monitoring principles, backups, certificate lifecycle) and partner closely with the Tech team on implementation
• Manage supplier and vendor security and ensure expectations are met

This is a key role with real influence on how we build trust, reduce risk, and scale.

🧠 What we’re looking for

You have a solid background in security, compliance, or cloud/platform engineering — and you’re ready to take full ownership of the security function in a growing SaaS company.

We believe you likely have experience as a:

• Security engineer
• Cloud / platform engineer with a strong security focus
• Security or GRC specialist

And you bring:

• Hands-on experience establishing or operating an ISMS (ISO 27001 readiness or implementation preferred)
• Strong understanding of AWS and cloud security fundamentals, especially IAM, least privilege, and auditability
• Experience handling customer security questionnaires and enterprise due diligence
• Ability to communicate clearly — both in customer-facing responses and internal security documentation
• Comfort working cross-functionally with Tech, Sales, Support, and leadership

⭐ Nice to have

• Took a company through ISO 27001 certification
• Familiar with CI/CD security, secrets management, and certificate or code-signing lifecycle
• Experience with vendor risk management and GDPR-related security documentation
• Experience with security monitoring / MDR and incident coordination

🧡 Why join Vince?

At Vince, you’re not just getting a role — you’re joining a competence-driven, social, and engaged team that values trust, flexibility, and ownership. We offer competitive compensation along with strong pension and insurance schemes, and you’ll enjoy an extra vacation week to truly

recharge🌴

Our hybrid work model gives you flexibility in everyday life, while close collaboration with skilled and supportive colleagues ensures you’re never standing alone. You’ll have strong opportunities for professional growth in a company that takes security seriously, and you’ll also be part of a social environment with trips, ski days, cooking courses, and other activities that bring people together ✨.

Why this role matters

You’ll build the security and compliance foundation that enables enterprise trust and long-term growth. You’ll shape how we design access, governance, and evidence — and help eliminate single points of failure as we scale.

Apply now and help shape the secure future of Vince 🚀