Information Security Specialist

Epiroc’s Information Security function develops and improves the information security within Epiroc. This is a great opportunity to be part of building a function and creating new ways of working – not just administering existing structures.

Join our team
As an Information Security Specialist, you will be part of the central Information Security organization with the objective of supporting the whole Epiroc organization and to reduce risk and security exposures across the Epiroc Group. You will report to the Head of Information Security.

Your mission
The mission for the role as an Information Security Specialist is to understand the threat landscape, improve the effectiveness of Epiroc's Cyber Security Program and protect business assets. We help the business to identify Information Security risks and required mitigating activities.

You will be responsible for the Security Awareness Training area and develop and deliver training on our new security awareness platform. Raising awareness and educating employees and business partners is a key activity in building a security culture.

As our Information Security Specialist, you will:

• Take the lead in developing and delivering Security Awareness Training

• Participate in risk assessments to reduce risk and security exposure for Epiroc

• Participate in the planning of information security risk assessments to examine and verify security capabilities and controls related to Epiroc’s information assets

• Communicate risk assessment findings and provide risk remediation guidance to key stakeholders

• Identify opportunities to improve risk posture and give advice for risk mitigation 

• Develop and maintain risk management standards, processes and templates

• Participate in developing the Information Security Management System (ISMS)

• Participate in developing and delivering Supply Chain security assessments

• Manage information security projects

• Assist in M&A Activities to evaluate information security requirements

• Participate in improving Information Ownership & Classification 

• Assist in developing intellectual property Asset Management 

• Supporting the business in creating Business Impact Analyses

• Business Continuity support

• Participate in improving our Threat Intelligence and in monitoring & reporting information security KPIs

• Liaise with the IT Security team

Your profile
For this role we would like to see that you have a Bachelor's Degree in Business Information Systems, Cybersecurity, Computer Science, or a related field. Or if you have equivalent work experience.

High level of both verbal and written English. Additional languages are a plus.

Knowledge of regulatory compliance, including information security management frameworks ISF Standard of Good Practice, NIST CSF, ISO0x, SANS Top Critical Security Controls, SOX, COBIT), is preferred. 

Security certifications such as CISSP, CISA or CISM is a plus.

As for your personal skills we are looking for someone who has great communication and presentation skills. You have the ability to translate technical language into business terms, work independently, establish plans, report status and deliver according to plan. You also have a great business understanding together with analytical skills.

Location and travel
Location is depending on the candidate, preferably Stockholm, Sweden. Global travel may occur.
In case a candidate from a different country applies and is successful, Swedish local terms and conditions will apply.

Application and contact information
Please send your application, including CV and personal letter, by creating an account in our recruitment system as soon as possible but no later than th of June. 

We review applications on a rolling basis. Please note that, due to the current regulations, we will only consider applications received through our system and not via email or social media.