Cybersecurity Director

About Us

IKEA Operations Management builds up, delivers, serves, and supports shared data and technology for the IKEA value chain. We build a digital foundation to enable our core business partners and franchisees to work more efficiently and create a rewarding customer experience in an omnichannel world. Inter IKEA is on a journey to strengthen our ability to protect the IKEA brand from cyber risks and threats by developing, enhancing, and implementing a set of cybersecurity capabilities.

Your Responsibilities

Define and execute a roadmap for application security, aligning with business goals and compliance requirements
Develop, implement, and continuously improve SSDLC policies, standards, and guidelines aligning with industry standards like OWASP and NIST
Collaborate with digital development, software engineering, and cloud platform teams to integrate security practices into each stage of application development and deployment processes in cloud environments
Contribute to assessment and integration of application security tools (e.g. SAST, SCA, DAST) in CI/CD pipelines to enable continuous security testing and control validation
Identify opportunities to automate security processes in the SDLC to increase efficiency and scalability across teams
Provide expert guidance to developers on secure coding practices, threat modelling, risk assessment, and remediation of identified vulnerabilities
Contribute to the design and delivery of security awareness and training programs for software developers and engineers to promote a culture of security-by-design

About You

We are looking for a cybersecurity professional passionate about building and implementing application security programs. You should have a knack for spotting trends and finding creative solutions to complex problems. The ideal candidate will bring a mix of deep application security expertise, excellent stakeholder management, and a strategic mindset to drive application security improvements across digital product areas.

You will have 8+ years' experience in application security, secure software development or DevSecOps preferably in a large enterprise with multiple product teams. You will possess a strong understanding of secure coding practices, common application vulnerabilities, and attack vectors. Experience with application threat modelling, security testing, and risk assessments is also required.

---