Unit Manager for Cyber Security & Technology Governance, Risk & Compliance
Stockholm, Sweden
H&M Group
We are a family of brands, driven by our desire to make great design available to everyone in a sustainable way.
Company Description
H&M Group is transforming the way it addresses the continuously evolving and complex cyber security threats and risks. To do this we have created a new Tech Centre focused solely on managing Cyber Security for all our brands and majority investments. Within this Cyber Security Tech Centre, we have a unit that will focus on improving the governance of technology and cyber security related risks as well as ensuring our technology teams operate and provide solutions that comply with the relevant technology and cyber security regulations. This role reports to the Chief Technology Risk Information Officer.
As the leader of the unit, you will be energetic and highly motivated in helping others understand and become advocates for the Cyber Security GRC unit. You will help define how technology and cyber security governance, risk and compliance are embedded in everything we do. You will be responsible for ensuring all the relevant policies, procedures, guidelines, and standards are in place, coordinating any audits related to technology or cyber security, ensuring effective controls are implemented to achieve data protection, security, and resilience, and ensuring that we comply with relevant regulatory requirements. You will help to secure the future success of H&M.
Job Description
In this role you will be responsible for:
- Contributing to the Cyber Security strategy and ensuring your team is aligned with the strategy.
- Professional development of staff to ensure they have relevant skills and qualifications.
- Managing the day-to-day activities of the Governance, Risk and Compliance unit and ensuring the unit is meeting its operational and performance objectives.
- Unit level budgeting, planning, roadmaps.
- Supporting the organization in making security accessible, understandable, and easy.
- Defining and enforcing the policies, procedures, guidelines, standards associated with the team’s security specialism.
- Supporting the organization during a crisis.
- Acting as an ambassador for Cyber Security and promoting safe and secure practices.
- Ensuring the team complies with relevant legislation or regulatory requirements.
- Formal staff responsibility, including salary review, performance dialogues and support in individual development plans and competence needs.
Qualifications
We are looking for the best! You must be an expert with 8+ years of experience within cyber security and in how to meaningfully apply (at a global scale) best practices and standards associated with GRC, e.g., ISO27001, ISO27002, NIST 800, PCI-DSS, SOC2, etc. Expertise in cyber security maturity models, e.g., C2M2. Strong experience of establishing and operating business continuity management based on disaster recovery standards, e.g., ISO27031.
To succeed in the role, you should have:
- Strong experience of implementing and operating cyber security focused risk management.
- Strong experience of working within QSAs, Financial Controls auditors to deliver useful independent audits of an organization or division.
- You must have helped a global organization to adopt a robust and maintainable approach to modern tech or cyber security related governance, risk, and compliance. You must be a great team player, as this role works closely with our Corporate Governance colleagues who oversee all forms of risk at H&M.
Skill Requirements (level):
We use the Chartered Institute of Information Security Roles framework (www.ciisec.org). You can find out more about the skills and levels on their website.
- Governance (6)
- Policy & standards (6)
- Information risk management (6)
- Data protection (4)
- Privacy (4)
- Management, leadership & influence (5)
- Business skills
- Internal & statutory audit (6)
To stand out, we believe you have some of the following skills/qualifications:
- Information security strategy (5)
- Innovation & business improvement (5)
- Behavioral change (5)
- Legal & regulatory environment & compliance (5)
- Third party management (5)
- Threat intelligence, assessment & threat modelling (5)
- Risk assessment (5)
- Incident management, incident investigation & response (5)
- Research (5)
- Communication & knowledge sharing (5)
- Professional development (5)
What we offer
You are joining a unique value-driven culture, a large tech network and community where you can be yourself. Besides the obvious perks such as staff discount card, learning communities, wellness benefits, parental benefits and a flexible work life, there are a lot of opportunities to experiment and grow in the direction you want. Being a major player gives us countless opportunities to make a real impact and shape the future.
H&M Group is a value-driven company that wants to lead the way to a more inclusive environment. We are committed to creating an inclusive & diverse workplace with a culture that is dynamic and innovative. We welcome your application regardless of who you are, where you’re from and what you like. We welcome applicants with different backgrounds, perspectives, and skills. We welcome all applicants to strengthen our innovative and diverse culture.
Learn more about our I&D work https://youtu.be/veRbl9Cijts
Additional Information
This is a full-time position based in Stockholm. Please apply as soon as possible but no later than 20th of June, 2023. We will review and interview applicants on an ongoing basis. If you have questions, please contact Talent Acquisition Partner Prianka Raina at prianka.raina@hm.com
We look forward to receiving your application!