This website uses cookies to ensure you get the best experience.

Jotta Group and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics and marketing purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, that is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor

These cookies are used to make advertising messages more relevant to you. In some cases, they also deliver additional functions on the site.

Vendors Youtube, Linkedin, Google
Skip to main content
Jotta Group
Oslo · Hybrid

Head of Security and Compliance

Build security as a foundation for growth and trust!

Jotta Group is a Norwegian technology scale-up with products such as Jottacloud and MinSky. We offer cloud services for secure storage, synchronization, and sharing of photos and data. We’ve grown into one of Europe’s leading storage providers in a market dominated by global tech giants. Our data is stored in Norway. Encrypted, physically protected, and governed by strict Norwegian and European privacy laws. We are also powered by renewable energy.


We are now entering an important and exciting phase. With the planned consolidation of Jottacloud and MinSky platforms, we are uniting two strong product and technology organizations to build a leading European SaaS and cloud storage platform.


As a cloud product company, security and trust are fundamental to how we operate. In this role, you will help shape security as a practical enabler for growth and product development, balancing risk, speed, and commercial needs.

What you’ll do

  • You will own and continuously evolve our security and compliance governance in a way that is practical, transparent, and actually used. That means clarifying decision rights, responsibilities, and risk appetite, while also making sure governance supports the way we work rather than slowing us down.

  • You will define and maintain the security and compliance roadmap, translating strategy and risk into clear priorities and concrete initiatives. This includes rolling up your sleeves to drive progress, remove friction, and help teams succeed.

  • You will establish and operate a pragmatic internal control framework that creates trust and consistency, while still enabling fast delivery and learning.

  • Building a strong security culture is a key part of the role. You will work hands-on with teams to embed ownership, awareness, and sound judgment into everyday decisions, not just policies and presentations.

Security leadership

  • You will shape our overall security posture, balancing protection, usability, speed, and cost in close collaboration with product, engineering, and operations.

  • You will actively engage in security-related discussions, reviews, and trade-offs across the organization, and are comfortable going deep when needed, whether that is in architecture, access management, or incident handling.

  • This includes taking ownership of access management and IAM, ensuring appropriate controls, reviews, and practical solutions that work for teams, as well as driving and overseeing penetration testing, vulnerability management, and follow-up of findings.

  • You will lead our approach to incident preparedness and response, ensuring clear roles, sound decision-making, and continuous improvement based on real experience.

Compliance & risk

  • You will own and operate our security and compliance management systems as living frameworks that support governance, improvement, and trust.

  • This includes responsibility for certifications and standards such as ISO 27001 and ISO 9001, as well as translating new and evolving regulations, including NIS2, into clear priorities and concrete actions.

  • You will work closely with teams to embed risk awareness into everyday decisions, ensuring compliance and security considerations are built into how we design, build, and operate our services.

  • You will contribute actively to organizational resilience, including business continuity and disaster recovery readiness.

External interface

  • You will act as the primary point of contact for regulatory authorities and law enforcement, ensuring professional, timely, and well-governed engagement.

  • You will also own key external and business-facing security interfaces, including responsibility for Terms of Service and EULA, and handling individual cases related to breaches of terms, working closely with legal, product, and operations to find proportionate and business-sound solutions.

Who you are

  • You are an experienced security, risk, or compliance professional, ideally with a background in technology-driven work environments.

  • You approach security and compliance as management disciplines that support good decision-making and long-term value creation.

  • You are comfortable operating at a strategic level, while staying closely involved in day-to-day realities.

  • You foster a culture where security is part of business discussions, helping teams understand and manage risk when making decisions.

  • You view security as a business enabler, balancing risk with product, technology, and commercial realities.

  • You are comfortable taking calculated risks when it is right for the business, enabling momentum while keeping risk visible and understood.

Why join us?

  • High impact: Shape how security enables product innovation, growth, and trust at a critical point in our journey.

  • Flexible workday and hybrid work: With offices centrally located in Oslo and Trondheim.

  • Freedom, responsibility, and autonomy: High-trust environment with real ownership and decision-making authority.

  • A collaborative doer culture: Pragmatic, supportive, and focused on creating real user value.

  • Security with a seat at the table: A strategic role with influence on priorities and long-term direction.

  • Work with highly skilled people: Experienced product, technology, and business leaders who value openness, learning, and quality.

  • Great benefits: eg. 7+3 % pension and 5 additional annual vacation days.

Ready to build security as a growth enabler?

For an exploratory discussion about the role, contact our recruiter, Peder Apall-Olsen at peder.apall-olsen@amby.com

Remote status
Hybrid
Application End Date
January 31, 2026
Oslo · Hybrid

Head of Security and Compliance

Loading application form

Applicant tracking system by Teamtailor