As IT Security and Compliance Manager you will define and deliver the objectives within the Information Security strategy and further enhance a security program that identifies and addresses compliance, security and privacy risks as well as security requirements.
You will be in the driving seat, working closely with the company group leadership and senior managers across the business to develop and drive the compliance and information security agenda, ensuring that it meets complex compliance requirements. You will also serve as the security expert for technical solutions, managing risks and identifying opportunities for improving the company’s security profile.
You will collaborate with and support cross-functional teams of technical and non-technical key stakeholders to ensure security systems are functioning smoothly to reduce operational risk. You will be a primary point of contact for data privacy, compliance, and security contracting issues.
The landscape you are operating in consists of four offices and their infrastructure, and an IT landscape that is largely based on cloud-based solutions and data platforms. The Google ecosystem has a strategic position and importance. The company is ISO 27001 certified.
- Leading our Information Security & Compliance function, and proactively designing, delivering and reporting on new capabilities to improve the security posture
- Managing the process of gathering, analyzing & assessing the current & future compliance, information security and privacy threats to ensure constant monitoring of the information security best practices as they develop
- Ensure IT systems meet the necessary requirements
- Ensure design, development, and operation of secure & privacy-centric software, infrastructure, policies, and programs that balance best practices, business needs, and risks to continuously improve security posture and reduce the possibility of a data breach
- Further develop and manage our network, endpoint, and application vulnerability scanning and testing capabilities, and proactively remediate vulnerabilities, involving the stakeholders
- Handle incident response with the stakeholders and further improve forensic analysis and troubleshooting capabilities
- Managing compliance and security projects, providing expert guidance on compliance matters for other IT projects, and staying abreast of regulatory changes, including cybersecurity developments and their impact on IT requirements, as well as relevant data privacy requirements
- Establishing and delivering annual training programs
- Assessing and maintaining regulatory compliance (GDPR, related registers, etc.), enacting new programs or changes as regulations evolve, and ensuring compliance with existing laws
To succeed in this role we expect the following:
- Extensive experience in Information Security, Technology Risk Management, IT Audit, and/or IT Compliance functions
- ISO 27001 experience, ISO 27002 is a bonus
- Ability to clearly articulate security and risk-related concepts to technical and non-technical stakeholders at various business levels
- Solid grasp of security standard methodologies; securing network and enterprise cloud applications and privileged access management technologies
- Proactive hands-on attitude and skills to make things happen
- Experience implementing cloud security standards
- Understanding of international privacy and data protection regulations, including GDPR
- Fully remote global position
- International projects for the big Nordic brands
- Highly motivated and committed team
- B2B contract