Description
For our customer we are looking for an Information Security Officer (Lund).
General introduction:
The company is initiating the implementation of an Information Security Management system (ISMS) including Information Risk management framework and overall governance structures. Being part of a corporate group, the company is required to comply with the global policy and standards, as well as legal, market and customer information security requirements. The ISMS shall partly integrate with the corporate ISMS.
The company´s Corporate information Security Office is currently being established and staffed. The function consists of different areas of responsibility. One is Information Security, Policy, Governance, Compliance and Risk; where this role will belong.
The position is required to drive agree initiatives and tasks to ensure the companies Information assets are being protected and managed based on Confidentiality, Integrity and Availability.
This role is critical also to meet expectations from a large number of business critical initiatives and projects that need to comply with Corporate requirements. Examples of areas is Cloud solutions, global consumer services, PII, 3rd parties/contract mgmt, external WEB
Major responsibilities and tasks:
- Contribute in the development of an Information Risk management framework, process and roadmap for business and IT functions.
- Contribute and drive development and implementation information asset owners and other roles. Identification of information assets and business processes, roles etc. Proved structures throughout the company to keep the assets and risk continuously manageable.
- Conducting internal IT and business risk assessment activities consistent with the risk management process and method as being defined, including piloting and monitoring of processes and methods. Use and work through own or Corporate group provided tools, methods and reporting structures.
- Work closely with other roles in the CISO function, business and IT projects, business functions and process owners, to effect appropriate security measures for relevant entities
- Maintain a Risk management system that fosters the routine use of risk assessments and risk management planning, reporting and communication
- Support, coach and educate in information security and information risk management throughout the business and IT functions.
- Define, continuously develop and promote the role of Information Security Officers throughout the company.
- Perform audits and assessments as requested internally and with 3rd parties, monitoring of compliance as well as reporting on the effectiveness of information security activities and associated policies, standards, controls and procedures.
- Serve as an internal information security consultant to the company.
Qualifications:
- Minimum eight years experience from information security audit, information security risk management and/or information security.
- In-depth understanding of and documented experience from performing information security risk assessment and information security audits
- Minimum three years working experience from large, complex and global organization/s and participation in and/or management of Information Security projects/initiatives
- CISSP, CISA, CRISC or other certification/accreditation.
- Bachelors in Management Information Systems, Computer Science or related
- Certified in relevant ITIL v3 disciplines or similar process framework.
- Preferred
oISO 27000/ISMS certification
oWorking experience from Archer eGRC implementations
- Excellent English skills, verbal and in writing is required
Travel: 1-4 days per month
Start: ASAP
Duration: 6 months
Location: Lund and Europe
Work load: 100 %
Working language: English