Job Description
The Cyber Security GRC (Governance, Risk and Compliance) unit plays a crucial role in embedding defined standards and regulatory frameworks within information and IT security at H&M Group, as well as ensuring risk supervision and business continuity. This includes e.g. a responsibility for auditing compliance, as well as overseeing the identification, assessment and mitigation of technology and cyber security risks.
We work determinedly within the following areas:
Governance: Ability to build a structured way of working with cyber security by aligning processes and functions in order to achieve organizational objectives and improve the security culture.
Risk: Ability to identify, address, assess, mitigate and follow-up on cyber security and technology risks.
Compliance: Ability to meet global and local existing and new laws, standards and other regulatory requirements within cyber security.
Resilience: Ability to continue delivering intended outcomes despite experiencing challenging cyber events.
We collaborate closely with other departments within the organization and constantly commit to enhancing our services and processes.
Our goal is to have a unified, systematic and risk-based way of working that helps H&M Group achieve robust and resilient cyber security that complies with all applicable regulations. The benefits include e.g. reduced costs, less duplicate work, greater visibility into risks, increased data accuracy and consistency, and more alignment across stakeholders.
For the GRC unit, we are looking for four new senior team members with the following focus areas. In this role, you will report directly to the Unit Manager for Cyber Security GRC.
Risk Officer:
Strategically responsible for keeping H&M Group’s Cyber Security Risk Management Framework up to date on a global market, as well as driving the continuous risk work on an enterprise and operational level within BT Cyber Security.
Compliance Officer:
Strategically responsible for keeping H&M Group’s Cyber Security Common Control Framework (CCF) and its related exception and exemption management processes up to date for all applicable markets, as well as strategically designing the annual Audit Plan and Program for H&M Group and our vendors.
Resilience Officer:
Strategically responsible for keeping H&M Group’s Cyber Security Resilience Work up to date for all applicable parts of the organization, including a systematic risk-based approach with Business Continuity, Disaster Recovery and Crisis & Incident Management.
GRC Officer:
Working within all GRC areas, assisting in the day-to-day work as well as with specific improvement initiatives and projects.
All four roles are expected to:
Qualifications
You must be an expert with 5-10 years of experience within cyber security in general and/or GRC-related work in particular. This includes e.g. having documented knowledge in the focus area that you’re applying for:
Risk Officer:
Implement risk management associated with cyber security, including identification, analyses and mitigation plans on both an enterprise and operational level.
Compliance Officer:
Comply with legal requirements, best practices and standards associated with cyber security, and work with Qualified Security Assessors (QSA) and auditors.
Resilience Officer:
Build a robust and resilient cyber security environment with the help of business continuity and disaster recovery strategies as well as expedient incident and crisis management systematics.
GRC Officer:
A general experience from GRC-related work tasks.
To succeed in the role, we see that you have:
Skill requirements:
We use the Chartered Institute of Information Security (CIISEC) roles framework. You can find out more about the skills and levels on their website (www.ciisec.org):
To stand out, we believe you have some of the following skills/qualifications:
Additional Information
Apply by sending in your CV in English as soon as possible. Due to data policies, we only accept applications through the career page.