Senior Cyber Security Governance, Risk, and Compliance Specialist

6 days ago


Stockholm, Stockholm, Sweden H&M Group Full time

Job Overview

The Cyber Security Governance, Risk, and Compliance (GRC) division is integral to integrating established standards and regulatory frameworks within the information and IT security landscape of H&M Group. This role encompasses the oversight of compliance audits and the management of technology and cyber security risks to ensure business continuity and effective risk supervision.

Key Focus Areas:

Governance: Establishing a structured approach to cyber security by aligning various processes and functions to meet organizational goals and enhance the security culture.

Risk Management: Identifying, evaluating, addressing, and mitigating cyber security and technology-related risks.

Compliance: Ensuring adherence to both global and local laws, standards, and regulatory requirements in the realm of cyber security.

Resilience: Maintaining the ability to deliver intended outcomes even in the face of challenging cyber incidents.

We engage in close collaboration with various departments within the organization, consistently striving to improve our services and processes.

Our objective is to implement a cohesive, systematic, and risk-oriented methodology that enables H&M Group to achieve a robust and resilient cyber security posture in compliance with all relevant regulations. The advantages of this approach include cost reduction, minimized redundancy, enhanced visibility into risks, improved data accuracy and consistency, and better alignment among stakeholders.

We are seeking four senior team members for the GRC unit. In this capacity, you will report directly to the Unit Manager for Cyber Security GRC. The roles focus on the following areas:

Risk Officer:
Responsible for the strategic upkeep of H&M Group's Cyber Security Risk Management Framework on a global scale, as well as leading ongoing risk initiatives at both enterprise and operational levels within BT Cyber Security.

Compliance Officer:
Accountable for maintaining H&M Group's Cyber Security Common Control Framework (CCF) and its associated exception and exemption management processes across all relevant markets, in addition to strategically designing the annual Audit Plan and Program for H&M Group and its vendors.

Resilience Officer:
Tasked with ensuring that H&M Group's Cyber Security Resilience initiatives are current across all applicable organizational segments, employing a systematic risk-based approach to Business Continuity, Disaster Recovery, and Crisis & Incident Management.

GRC Officer:
Engaging in all GRC areas, supporting daily operations as well as specific improvement initiatives and projects.

All four roles will involve:

  • Developing policies, processes, and procedures, along with creating and maintaining instructions, guidelines, and templates.
  • Collaborating closely with both internal and external stakeholders within their areas of responsibility.
  • Continuously seeking opportunities to implement more effective and efficient controls and practices within cyber security.

Required Qualifications

Candidates should possess 5-10 years of expertise in cyber security and/or GRC-related functions, with documented knowledge pertinent to the specific focus area applied for:

Risk Officer:
Experience in implementing risk management strategies related to cyber security, including identification, analysis, and mitigation planning at both enterprise and operational levels.

Compliance Officer:
Familiarity with legal requirements, best practices, and standards associated with cyber security, along with experience working with Qualified Security Assessors (QSA) and auditors.

Resilience Officer:
Proven ability to establish a robust and resilient cyber security environment through business continuity and disaster recovery strategies, as well as effective incident and crisis management frameworks.

GRC Officer:
General experience in GRC-related tasks.

To excel in this role, candidates should demonstrate:

  • Significant experience in guiding a global organization towards a robust, resilient, and sustainable approach to modern technology or cyber security.
  • Comprehensive knowledge of legal regulations, international standards, and best practices in cyber security risk management, including ISO 27000/22301/31000, NIST 800, PCI-DSS, GDPR, NIS2, DORA.
  • Strong background in implementing and managing cyber security-focused controls.
  • Experience collaborating with Qualified Security Assessors (QSA) and auditors to conduct valuable independent audits of an organization or division.
  • A collaborative mindset, as this role requires close interaction with various internal and external stakeholders.

Skill Requirements:

We adhere to the Chartered Institute of Information Security (CIISEC) roles framework. More information about the skills and levels can be found on their website.

  • Governance (5)
  • Legal & Regulatory Environment & Compliance (5)
  • Policy & Standards (5)
  • Information Risk Management (5)
  • Risk Assessment (5)
  • Incident Management, Investigation & Response (5)
  • Innovation & Business Improvement (5)
  • Communication & Knowledge Sharing (5)

Preferred Skills/Qualifications:

  • Information Security Strategy (5)
  • Business Skills (5)
  • Management, Leadership & Influence (5)
  • Behavioral Change (5)
  • Third Party Management (5)

Additional Information

These positions are full-time and permanent.

What We Offer:

  • An opportunity to work within one of the world's leading fashion groups.
  • A significant chance to enhance cyber security on a global scale.
  • Opportunities for professional and personal development through educational programs, networking, and conference participation.

Benefits

H&M Group provides all employees with attractive benefits and extensive development opportunities worldwide. Employees receive a staff discount card applicable to all H&M Group brands both in-store and online. In addition to the staff discount, all employees participate in the H&M Incentive Program (HIP).

Local markets also offer various competitive perks and benefits, which may vary based on employment type and location.

Inclusion & Diversity

H&M Group is committed to fostering inclusive, diverse, and equitable workplaces. Our teams are composed of individuals with varied backgrounds, knowledge, and experiences. A diverse workforce positively impacts our ability to tackle challenges and enhances our interactions with colleagues and customers globally. We consider all dimensions of diversity in our recruitment process.

We aim for a fair and equal recruitment process and kindly request that applicants refrain from attaching cover letters, as they may inadvertently introduce biases.

Company Overview

H&M Group encompasses a family of brands, including H&M, COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, and Afound. Our people drive our commitment to fostering meaningful growth and promoting sustainable lifestyles. Join us in reimagining fashion and reshaping the industry.


