Information Security Lead

Job Description: Information Security Lead

PRIMARY JOB PURPOSE

As Information Security Lead at ASSA ABLOY, you will be responsible for the design, implementation, and maintenance of the information security policies, standards, and procedures for the Global Solutions Division. You will also ensure compliance with relevant regulations and best practices, as well as provide guidance and support to the IT teams and business stakeholders on information security matters.

KEY POSITION ACCOUNTABILITIES

• Develop and maintain the information security strategy, framework, and roadmap for the Global Solutions Division, aligned with the corporate and business objectives
• Establish and enforce information security policies, standards, and procedures, and monitor compliance across the IT systems and processes
• Conduct regular risk assessments and audits to identify and mitigate information security risks and vulnerabilities
• Manage and coordinate the information security incident response and recovery process, and ensure timely reporting and escalation of security breaches and events
• Provide information security awareness and training to the IT staff and business users, and promote a culture of security within the organization
• Advise and consult the IT teams and business stakeholders on information security requirements, best practices, and solutions for new and existing projects and initiatives
• Stay abreast of the latest information security trends, threats, and technologies, and recommend appropriate actions and improvements
• Collaborate and communicate effectively with the Head of IT and Information Security, the Group CISO team as well as other senior management on information security matters
• Develop and implement a comprehensive enterprise IT risk management framework, policies, and standards
• Conduct regular IT risk assessments and audits, and report on the findings and recommendations
• Coordinate and facilitate the business continuity and disaster recovery planning and testing activities
• Provide guidance and support to the Business Areas on IT risk mitigation and compliance issues

SELECTION CRITERIA

Essential:

• Bachelor's degree in computer science, information systems, or related field. Master's degree or relevant certification (e.g. CISSP, CISM, CISA) preferred
• Minimum of 10 years of experience in information security, with at least 5 years of management or leadership experience
• Strong knowledge and experience in information security frameworks, standards, and best practices (e.g. ISO 27001, NIST, COBIT, etc.)
• Strong knowledge and experience in information security domains, such as cloud security, network security, application security, identity and access management, encryption, cryptography, etc.
• Strong knowledge and experience in information security regulations and compliance requirements, such as GDPR, PCI-DSS, HIPAA, etc.
• Strong analytical, problem-solving, and decision-making skills, with the ability to assess and manage information security risks and incidents
• Strong communication, presentation, and interpersonal skills, with the ability to communicate effectively with technical and non-technical audiences
• Strong leadership, teamwork, and collaboration skills, with the ability to motivate and inspire others
• Self-motivated, proactive, and results-oriented, with the ability to work independently and under pressure
• Experience working in a multinational company with projects spanning US, EMEA & APAC time zones
• Experience working in the electronics or software industry preferred

WORK ENVIRONMENT FACTORS

• Office based/hybrid model
• Health and Safety accountability statements
• 10% Travel, including international travel, may be required. Therefore, employee should have a valid passport

We are the ASSA ABLOY Group
Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 61,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces – physical and virtual – safer, more secure, and easier to access. 

As an employer, we value results – not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally.

As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences.