ICEYE is the global leader in synthetic aperture radar (SAR) satellite operations for Earth Observation, persistent monitoring, and natural catastrophe solutions; owning and operating the world's largest SAR constellation. ICEYE is headquartered in Finland and operates from five international locations with more than 600 employees from nearly 60 countries, inspired by the shared vision of improving life on Earth by becoming the global source of truth in Earth Observation.


Purpose

The Security Governance & Compliance Officer is a key member of ICEYE's security team, responsible for ensuring the confidentiality, integrity, and availability of company and customer data. This role leads governance, risk, and compliance (GRC) initiatives and collaborates across departments to build a security-conscious culture, manage third-party risk, and embed security into every layer of our operations. The role is essential for maintaining compliance with regulatory frameworks and supporting the trust ICEYE's customers place in their services.

Key Responsibilities

Governance, Risk & Compliance (GRC):

• Develop, maintain, and enforce security policies, standards, and procedures
• Identify, assess, and mitigate information security risks
• Conduct regular risk assessments and report findings
• Ensure compliance with relevant laws, regulations, and frameworks (e.g., GDPR, ISO 27001, NIST)
• Monitor and continuously improve the organisation’s risk posture

Audit & Compliance:

• Act as the point of contact for internal and external audits related to information security
• Facilitate audit processes and provide necessary documentation
• Address audit findings and coordinate implementation of corrective actions

Security Assessments:

• Lead threat modelling and vulnerability assessments of products and services
• Oversee remediation of identified vulnerabilities in coordination with technical teams

Security Scorecard:

• Develop and maintain a security scorecard to visualise and report on security posture
• Use scorecard insights to drive continuous improvement initiatives
• Work closely with development and operations teams to address gaps

Security by Design:

• Integrate security principles into product and service development processes
• Deliver security training and guidance to development teams
• Promote secure coding practices and tool usage

Vendor Risk Management (VRM):

• Conduct due diligence and security assessments of third-party vendors
• Monitor ongoing compliance of vendors with security standards
• Track and evaluate vendor risk through available tools and reputation checks

Customer Attestation & Support:

• Manage customer attestation and security assurance processes
• Respond to customer security inquiries and support incident response efforts
• Provide transparency and trust in the company’s security practices

Supply Chain Security:

• Assess and manage risks in the technology and service supply chain
• Implement appropriate controls to protect against supply chain threats
  
  

Background & Requirements

• Minimum of 5 years of experience in cybersecurity, risk management, or compliance roles.
• Strong knowledge of information security principles, vulnerabilities, and threat landscapes.
• Familiarity with security standards and regulatory frameworks (e.g., ISO 27001, GDPR, NIST, NIS2).
• Experience with security assessment tools and risk analysis methodologies.
• Ability to collaborate across technical and non-technical teams.
• Excellent written and verbal communication skills in Finnish and English.
• Finnish security clearance or eligibility to obtain it.
• Ability and willingness to be present at the office in Espoo - this is primarily an on-site role.
• Relevant certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor are a plus.

Learn more about ICEYE.