Cyber Security Architect
Stockholm, Sweden
H&M Group
We are a family of brands, driven by our desire to make great design available to everyone in a sustainable way.
Job Description
At H&M Group, we are constantly striving to empower our colleagues in protecting our customers, our business and our colleagues against cyber threats. We are now building a team of experienced Cyber Security Architects that will enable our business operation to become secure and resilient.
Company Description
At H&M Group, we believe in making great design available to everyone. It’s essential in everything we do. Our family of brands — H&M, COS, Monki, Weekday, & Other Stories, H&M Home, ARKET, Afound and Itsapark — offer customers around the world a wealth of fashion, beauty, accessories and homeware, as well as modern menus with fresh and local produce at some of the brands’ in-store eateries.
But design is so much more than just products; it’s about clever design processes, efficient product flows, creating experiences that enrich, and smart solutions that benefit all our customers.
Sustainability is always at the core of our business. Not only because we like to do what’s right — but it’s also beneficial for our business. We will continue to push for change and lead the way towards a more inclusive and sustainable fashion future.
Do you want to join us? We will trust you with great responsibility right from the start, reward a passionate mindset and encourage an entrepreneurial spirit. When you start a career with H&M Group, there’s no limit to where it can take you.
About the product area
Cyber security is important for H&M, and we have recently formed the new Cyber Security domain to define and instill a strong cyber security approach across the entire organization. As part of the investment into growing our internal cyber security capability, we are forming a Cyber Security Architecture area that reports to the Chief Technology Risk Information Officer. The Cyber Security domain also has teams devoted to Security Engineering, Cyber Defense, Security Advisory and Assessment, Governance, Risk & Compliance, Security Culture and Awareness, and regional teams to meet country-specific security regulations.
What you will do
The main objective for the Cyber Security Architect is to enable secure and resilient business operations by defining and overseeing the implementation, adoption and effectiveness of security solutions.
To create Business enablement, you will:
- Contextualize corporate strategic vision and direction; conduct analysis, identify opportunities, understand constraints and define strategic activities related to the Cyber Security domain
- Analyse, design, develop and maintain roadmaps and implementation plans to enable future state security capabilities in support of driving targeted business outcomes; ensure organizational resilience, stability and operational excellence
- Evaluate and drive continuous improvement and simplification to enhance end-to-end business value. Work across the organisation to lower the total cost of ownership, developing investment plans to reduce technical debt
- Develop control mechanisms to support H&M in managing Cyber risks in line with business risk appetite
To create Architecture enablement, you will:
- Develop conceptual and logical architecture designs
- Create artefacts that provide target state guidance and enable structured transformation, including:
  - Security principles and guardrails
  - Capability models and descriptions
  - Pattern and anti-pattern descriptions
  - Future state blueprints
- Facilitate and orchestrate the delivery of targeted business outcomes, including:
  - Drafting, documenting and proposing Architecture Decision Records
  - Anchoring and ratifying Architecture Decisions
  - Communicating decisions to impacted stakeholders
  - Monitoring the adoption, implementation and effectiveness of Architecture Decision Records
  - Lifecycle managing Architecture Decision Records so that they remain relevant and fit for purpose
  - Maintaining a registry of security solutions relevant to their domain, including missing or overlapping solutions
  - Monitoring security capability maturity posture
To create Change enablement, you will:
- Identify interdependencies and use ‘holistic thinking’ to ensure cross-team perspective when designing and implementing solutions
- Act as a facilitator of complex technical topics that require cross-functional consultation
- Communicate security best practice knowledge to the engineering and delivery community to embed security into platforms and products
The persons we are seeking will most likely master multiple security areas, but have deeper and more specialized skills and experience in one of the following: Device security, Application security, Data security, Cloud security, Network security, Secure development and IAM.
Just like us you believe in a non-hierarchical culture of collaboration, transparency, and trust. You are a great communicator with information security skills within an international and diverse context.
Collaboration is key in our new organization, and you will work closely together with your colleagues as well as execute your tasks autonomously.
Skills and opportunities
We work in a constantly changing environment and no two days are alike. Therefore, we believe you thrive on working in a not yet formalized environment where anything and everything can happen. This is a great opportunity to contribute your wide IT and Information Security background as well as your experience of lifting the security competence in an agile organization.
On top of your security knowledge and skills, you have true people skills that will allow you to support teams with empathy and drive long-lasting behavior change. You have the ability to take responsibility, work proactively and continuously improve activities in complex, quickly transforming environments.
Your interest in the IT and Information security world will totally blow us away, and your skills as an Architect are unmatched.
You are probably currently working with Cyber security within the retail, manufacturing or e-com industry and have done so for the last 8-10 years. You have a strong analytical ability with a strong overview of the outcome of every communication initiative. Degrees are great, but we believe your skillset complements and enhances your educational background.
Mandatory requirements, both competence and tools:
- Knowledge and awareness sharing within the security team concerning Security Architecture, Zero Trust Security Principles, Azure and Google Cloud Security Components
- Certified with one, or a combination, of: CISSP, CISSP-ISSAP, CCSA, SABSA, AZ-305, AZ-900, SANS GIAC, CISM, CISA
Qualifying requirements:
- Experience of e-commerce technologies is a merit
- Experience of retail business is a merit
- Experience of other data privacy laws is a merit
- Experience of working in an agile organization
- You are open minded, trustworthy and a self-motivated team player
- You have an entrepreneurial spirit, have great personal ownership, work proactively and continuously improve activities in complex, quickly transforming environments
- Fluent English, oral and written
- Swedish, oral and written, is a merit
What we offer!
Besides the obvious perks such as staff discount card, flexible work life, learning communities, wellness benefits, parental benefits etc., you are joining a unique value-driven culture, a large tech network and community where you can be yourself. There are endless opportunities to experiment and grow in any direction that you want, and when you grow, we grow. Being a major player gives us countless opportunities to make a real impact and shape the future.
Practical info
Apply now for this truly inspiring position where your work will contribute to the right security mindset through the whole organization!
This is a full-time position with placement in Stockholm with a possibility to work part-time remotely.
We will review and interview on an ongoing basis, so please apply with CV and Cover Letter as soon as possible, but no later than 30th of June 2023.
For questions about the position and/or recruitment process, please contact Björn Lundgren, Bjorn.Lundgren@hm.com, but please note that we do not consider applications sent in via email.