Do you have technical skills and a proactive approach, and are you willing and eager to take the lead on, and form a long-term strategic agenda for, information security and compliance?
Based in any office in Stockholm or Uppsala, we are now looking for an Information Security Officer to develop our work within information security and enforce our group-wide Information Security Management System (ISMS) policies and procedures in our TECH organization (including our IT infrastructure).
We need you to take the lead on all aspects, and continuously improve the governance and management of security, to reflect changing technology, threat landscapes, regulatory requirements, and industry standard methodologies.
You will be managing our ISMS documents for security, spreading awareness, measuring the effectiveness, and providing assurance. You will also create security guidelines and concepts, and derive the resulting organizational and technical measures. For new solutions, services, and partners, you will assess the information security risks, do the necessary due diligence, and review evidence to ensure it is all up to par. You will coordinate the Information Security work within the TECH organization in close collaboration with our IT Security Manager.
You will also coordinate the response in case of information security incidents, and carry out and evaluate analyses in the context of information security (BIA, fit-gap analysis, KPIs), checking them for plausibility and verifiability. Your support in the implementation of standards with increased security requirements, such as PCI DSS, and of other related topics, especially business continuity management (BCM), ISAE3402 and ISO27001, is of course of the essence.
You are the contact person in questions of information security and related topics for the TECH organization. You will conduct management reviews and coordinate regularly with executives.
- Worked with information security in general for at least 5 years.
- An experienced information security professional with a technical background.
- Understands how information security assurance works in practice, and wants to optimize and simplify its application.
- Understands how a development organization operates, preferably with experience of agile development.
- Have been managing an ISMS or parts of it, have created ISMS documents with a company understanding of their impact on the organization, especially developers.
- Have experience working with engineers, product developers, management and users, as well as external stakeholders.
- Experience working with cloud-based technology; understands how cloud architectures work and how security can be assured in them.
- Fluent in written and spoken English. Can read and understand regulatory requirements and contracts without issues.