🚀 Shape the Security Foundation of a Growing SaaS Company (with AWS at the core)

At Vince, we build SaaS solutions that help our customers get maximum value from their ERP systems. Founded in 2010 by former consultants with a shared ambition to make ERP much better, we now work with more than 200 customers and continue to scale our own platform, Vince Live.

As we grow, security and trust are critical. That’s why we’re looking for an experienced professional to step into the role of Security & Compliance Lead and take increasing ownership of our security and compliance program as we scale. A key part of the role is strengthening our AWS cloud security posture, especially IAM roles, least privilege, and auditability.

This role is ideal for someone with around 5+ years of experience in security, cloud/platform, or compliance who wants to take more ownership and help shape how security is built in a growing SaaS company.

This role is based in our Oslo office with a hybrid work policy and reports directly to the CPTO.

🔐 What you’ll do

In this role, you’ll drive security and compliance across Vince — combining strategic ownership with pragmatic, hands-on execution.

You will:

• Own and develop our security & compliance program (policies, risk management, controls, evidence, and continuous improvement)
• Drive our ISO 27001 journey: scope, ISMS setup, Statement of Applicability, internal audits, management reviews, and corrective actions
• Act as the primary point of contact for customer security reviews, questionnaires, and due diligence — and build a scalable Security Kit for Sales
• Own cloud identity & access governance, with a strong focus on AWS IAM roles (least privilege, access reviews, break-glass procedures, minimizing long-lived access keys)
• Strengthen AWS security fundamentals and auditability: expectations for CloudTrail/logging, privileged access, and security-relevant monitoring/alerts
• Define security requirements for cloud and platform controls (logging, audit trails, monitoring principles, backups, certificate lifecycle) and partner closely with the Tech team on implementation
• Help establish and coordinate incident response processes (runbooks, tabletop exercises, escalation paths)
• Manage supplier and vendor security (MDR/MSP/pentest partners) and ensure security expectations are met

This is a key role with real influence on how we build trust, reduce risk, and scale.

🧠 What we’re looking for

You have a solid background in security, compliance, or cloud/platform engineering — and you’re ready to take increasing ownership of the security function in a growing SaaS company.

We believe you likely have experience as a:

• Security engineer
• Cloud / platform engineer with a strong security focus
• Security or GRC specialist

And you bring:

• Hands-on experience with AWS and cloud security, especially IAM roles, least privilege, and auditability (SSO, access reviews, privileged access)
• Ability to handle customer security questionnaires and communicate confidently with enterprise stakeholders
• The ability to communicate clearly — both in customer-facing responses and internal security documentation
• Comfort working cross-functionally with Tech, Sales, Support, and leadership

⭐ Nice to have

• Took a company through ISO 27001 certification
• Familiar with CI/CD security, secrets management, and certificate or code-signing lifecycle
• Experience with vendor risk management and GDPR-related security documentation
• Experience with security monitoring / MDR and incident coordination
• Familiar with AWS security tooling such as IAM Access Analyzer, AWS Organizations, CloudTrail, or Security Hub (or equivalent concepts)

🧡 Why join Vince?

At Vince, you’re not just getting a role — you’re joining a competence-driven, social, and engaged team that values trust, flexibility, and ownership. We offer strong pension and insurance schemes, great flexibility, and an extra vacation week to truly recharge 🌴

Our hybrid work model gives you flexibility in everyday life, while close collaboration with skilled and supportive colleagues ensures you’re never standing alone. You’ll have strong opportunities for professional growth in a company that takes security seriously, and you’ll also be part of a social environment with trips, ski days, cooking courses, and other activities that bring people together ✨.

Why this role matters

You’ll build the security and compliance foundation that enables enterprise trust and long-term growth. You’ll shape how we design access, governance, and evidence — and help eliminate single points of failure as we scale.

If you're excited about this role but don’t meet every single requirement, we’d still love to hear from you.

Apply now and help shape the secure future of Vince 🚀