Unit Manager for Cyber Security & Technology Governance, Risk & Compliance

Stockholm, Sweden

Applications have closed

H&M Group

We are a family of brands, driven by our desire to make great design available to everyone in a sustainable way.


Company Description

H&M Group is transforming the way it addresses the continuously evolving and complex cyber security threats and risks. To do this we have created a new Tech Centre focused solely on managing Cyber Security for all our brands and majority investments. Within this Cyber Security Tech Centre, we have a unit that will focus on improving the governance of technology and cyber security related risks as well as ensuring our technology teams operate and provide solutions that comply with the relevant technology and cyber security regulations. This role reports to the Chief Technology Risk Information Officer.

As the leader of the unit, you will be energetic and highly motivated in helping others understand and become advocates for the Cyber Security GRC unit. You will help define how technology and cyber security governance, risk and compliance are embedded in everything we do. You will be responsible for ensuring all the relevant policies, procedures, guidelines, and standards are in place, co-ordinate any audits related to technology or cyber security, ensure effective controls are implemented to achieve data protection, security, resilience and ensure that we comply with relevant regulatory requirements. You will help to secure the future success of H&M. 

Job Description

In this role you will be responsible for: 

  • Contributing to the Cyber Security strategy and ensuring their team is aligned with the strategy. 
  • Professional development of staff to ensure they have relevant skills and qualifications. 
  • Managing the day-to-day activities of the Governance, Risk and Compliance unit and ensuring the unit is meeting its operational and performance objectives. 
  • Unit level budgeting, planning, roadmaps. 
  • Supporting the organization in making security accessible, understandable, and easy. 
  • Defining and enforcing the policies, procedures, guidelines, standards associated with the team’s security specialism. 
  • Supporting the organization during a crisis. 
  • Acting as an ambassador for Cyber Security and promoting safe and secure practices. 
  • Ensuring the team complies with relevant legislation or regulatory requirements. 
  • Formal staff responsibility, including salary review, performance dialogues and support in individual development plans and competence needs. 

Qualifications

We are looking for the best! You must be an expert with 8+ years of experience within cyber security and in meaningfully applying (at a global scale) best practices and standards associated with GRC, e.g., ISO27001, ISO27002, NIST 800, PCI-DSS, SOC2, etc. Expertise in cyber security maturity models, e.g., C2M2. Strong experience of establishing and operating business continuity management based on disaster recovery standards, e.g., ISO27031.

To succeed in the role, you should have:

  • Strong experience of implementing and operating cyber security focused risk management. 
  • Strong experience of working within QSAs, Financial Controls auditors to deliver useful independent audits of an organization or division. 
  • You must have helped a global organization to adopt a robust and maintainable approach to modern tech or cyber security related governance, risk, and compliance. You must be a great team player, as this role works closely with our Corporate Governance colleagues who oversee all forms of risk at H&M. 

Skill requirements (level):

We use the Chartered Institute of Information Security Roles framework ( www.ciisec.org ). You can find out more about the skills and levels on their website.

  • Governance (6)
  • Policy & standards (6)
  • Information risk management (6)
  • Data protection (4)
  • Privacy (4)
  • Management, leadership & influence (5)
  • Business skills
  • Internal & statutory audit (6)

To stand out, we believe you have some of the following skills/qualifications:

  • Information security strategy (5) 
  • Innovation & business improvement (5) 
  • Behavioral change (5) 
  • Legal & regulatory environment & compliance (5) 
  • Third party management (5)  
  • Threat intelligence, assessment & threat modelling (5) 
  • Risk assessment (5) 
  • Incident management, incident investigation & response (5) 
  • Research (5) 
  • Communication & knowledge sharing (5) 
  • Professional development (5) 

What we offer

You are joining a unique value-driven culture, a large tech network and community where you can be yourself. Besides the obvious perks such as staff discount card, learning communities, wellness benefits, parental benefits and a flexible work life, there are a lot of opportunities to experiment and grow in the direction you want. Being a major player gives us countless opportunities to make a real impact and shape the future.

H&M Group is a value-driven company that wants to lead the way to a more inclusive environment. We are committed to creating an inclusive & diverse workplace with a culture that is dynamic and innovative. We welcome your application regardless of who you are, where you’re from and what you like. We welcome applicants with different backgrounds, perspectives, and skills. We welcome all applicants to strengthen our innovative and diverse culture.
Learn more about our I&D work https://youtu.be/veRbl9Cijts

Additional Information

This is a full-time position based in Stockholm. Please apply as soon as possible but no later than 12th of June, 2023. We will review and interview applicants on an ongoing basis. If you have questions, please contact Talent Acquisition Partner Prianka Raina at prianka.raina@hm.com

We look forward to receiving your application! 


Tags: Audits Compliance Governance ISO 27001 NIST Privacy Risk assessment Risk management Security strategy SOC 2 Strategy Threat intelligence

Perks/benefits: Career development Flex hours Wellness

Region: Europe
Country: Sweden