Head of Security and Compliance

Build security as a foundation for growth and trust!

Jotta Group is a Norwegian technology scale-up with products such as Jottacloud and Min Sky. We offer cloud services for secure storage synchronization and sharing of photos and data. Weve grown into one of Europes leading storage providers in a market dominated by global tech giants. Our data is stored in Norway. Encrypted physically protected and governed by strict Norwegian and European privacy laws. We are also powered by renewable energy.

We are now entering an important and exciting phase. With the planned consolidation of Jottacloud and MinSky platforms we are uniting two strong product and technology organizations to build a leading European SaaS and cloud storage platform.

As a cloud product company security and trust are fundamental to how we this role you will help shape security as a practical enabler for growth and product development balancing risk speed and commercial needs.

What youll do

• You will own and continuously evolve our security and compliance governance in a way that is practical transparent and actually used. That means clarifying decision rights responsibilities and risk appetite while also making sure governance supports the way we work rather than slowing us down.

• You will define and maintain the security and compliance roadmap translating strategy and risk into clear priorities and concrete initiatives. This includes rolling up your sleeves to drive progress remove friction and help teams succeed.

• You will establish and operate a pragmatic internal control framework that creates trust and consistency while still enabling fast delivery and learning.

• Building a strong security culture is a key part of the role. You will work hands-on with teams to embed ownership awareness and sound judgment into everyday decisions not just policies and presentations.

Security leadership

• You will shape our overall security posture balancing protection usability speed and cost in close collaboration with product engineering and operations.

• You will actively engage in security-related discussions reviews and trade-offs across the organization and are comfortable going deep when needed whether that is in architecture access management or incident handling.

• This includes taking ownership of access management and IAM ensuring appropriate controls reviews and practical solutions that work for teams as well as driving and overseeing penetration testing vulnerability management and follow-up of findings.

• You will lead our approach to incident preparedness and response ensuring clear roles sound decision-making and continuous improvement based on real experience.

Compliance & risk

• You will own and operate our security and compliance management systems as living frameworks that support governance improvement and trust.

• This includes responsibility for certifications and standards such as ISO 27001 and ISO 9001 as well as translating new and evolving regulations including NIS2 into clear priorities and concrete actions.

• You will work closely with teams to embed risk awareness into everyday decisions ensuring compliance and security considerations are built into how we design build and operate our services.

• You will contribute actively to organizational resilience including business continuity and disaster recovery readiness.

External interface

• You will act as the primary point of contact for regulatory authorities and law enforcement ensuring professional timely and well-governed engagement.

• You will also own key external and business-facing security interfaces including responsibility for Terms of Service and EULA and handling individual cases related to breaches of terms working closely with legal product and operations to find proportionate and business-sound solutions.

Who you are

• You are an experienced security risk or compliance professional ideally with a background in technology-driven work environments.

• You approach security and compliance as management disciplines that support good decision-making and long-term value creation.

• You are comfortable operating at a strategic level while staying closely involved in day-to-day realities.

• You foster a culture where security is part of business discussions helping teams understand and manage risk when making decisions.

• You view security as a business enabler balancing risk with product technology and commercial realities.

• You are comfortable taking calculated risks when it is right for the business enabling momentum while keeping risk visible and understood.

Why join us

• High impact: Shape how security enables product innovation growth and trust at a critical point in our journey.

• Flexible workday and hybrid work: With offices centrally located in Oslo and Trondheim.

• Freedom responsibility and autonomy: High-trust environment with real ownership and decision-making authority.

• A collaborative doer culture: Pragmatic supportive and focused on creating real user value.

• Security with a seat at the table: A strategic role with influence on priorities and long-term direction.

• Work with highly skilled people: Experienced product technology and business leaders who value openness learning and quality.

• Great benefits: eg. 73 % pension and 5 additional annual vacation days.

Ready to build security as a growth enabler

For an exploratory discussion about the role contact our recruiter Peder Apall-Olsen at