Senior Cyber Security Governance, Risk and Compliance Specialist

2 months ago


Stockholm, Stockholm, Sweden H&M Group Full time

Job Overview

The Cyber Security Governance, Risk and Compliance (GRC) team is integral to the H&M Group, focusing on the implementation of established standards and regulatory frameworks within the realms of information and IT security. This unit is responsible for ensuring effective risk management and business continuity, which includes auditing compliance and overseeing the identification, evaluation, and mitigation of technology and cyber security risks.

Key Focus Areas:

Governance: Develop a structured approach to cyber security by aligning processes and functions to meet organizational goals and enhance the security culture.

Risk Management: Identify, evaluate, address, and mitigate cyber security and technology risks while ensuring ongoing monitoring.

Compliance: Ensure adherence to both global and local laws, standards, and regulatory requirements in the cyber security domain.

Resilience: Maintain the ability to deliver intended outcomes despite facing challenging cyber incidents.

Collaboration is key as we work closely with various departments, continuously striving to improve our services and processes.

Our objective is to establish a cohesive, systematic, and risk-based approach that enables H&M Group to achieve a robust and resilient cyber security posture compliant with all relevant regulations. The advantages of this approach include reduced costs, minimized duplication of efforts, enhanced visibility into risks, improved data accuracy and consistency, and better alignment among stakeholders.

We are seeking four senior professionals for the GRC unit, each focusing on a specific area. In this role, you will report directly to the Unit Manager for Cyber Security GRC.

Risk Officer:
Responsible for maintaining H&M Group's Cyber Security Risk Management Framework at a global level and driving continuous risk management efforts across both enterprise and operational levels within BT Cyber Security.

Compliance Officer:
Tasked with ensuring the Cyber Security Common Control Framework (CCF) is current for all applicable markets, and strategically designing the annual Audit Plan and Program for H&M Group and its vendors.

Resilience Officer:
Focused on keeping the Cyber Security Resilience initiatives updated across the organization, employing a systematic risk-based approach that encompasses Business Continuity, Disaster Recovery, and Crisis & Incident Management.

GRC Officer:
Engaged in all GRC areas, assisting with daily operations and specific improvement initiatives and projects.

All four roles will involve:

Defining and maintaining policies, processes, and procedures, along with creating guidelines and templates.

Collaborating closely with internal and external stakeholders within their areas of responsibility.

Continuously seeking opportunities to enhance the effectiveness and efficiency of cyber security controls and processes.

Qualifications

Candidates should possess 5-10 years of experience in cyber security and/or GRC-related roles, demonstrating expertise in their respective focus areas:

Risk Officer:
Experience in implementing risk management strategies related to cyber security, including identification, analysis, and mitigation planning at both enterprise and operational levels.

Compliance Officer:
Knowledge of legal requirements, best practices, and standards related to cyber security, with experience working alongside Qualified Security Assessors (QSA) and auditors.

Resilience Officer:
Proven ability to develop a resilient cyber security environment through business continuity and disaster recovery strategies, as well as effective incident and crisis management.

GRC Officer:
General experience in GRC-related tasks.

To excel in this role, candidates should demonstrate:

Strong experience in guiding a global organization towards a robust and sustainable approach to modern cyber security.

In-depth knowledge of legal regulations, international standards, and best practices in cyber security risk management, including ISO 27000/22301/31000, NIST 800, PCI-DSS, GDPR, NIS2, DORA.

Extensive experience in implementing and managing cyber security-focused controls.

Strong collaboration skills, as this role requires close interaction with various internal and external stakeholders.

Skill Requirements:

We utilize the Chartered Institute of Information Security (CIISEC) roles framework. Skills and levels can be found on their website.

Governance (5)

Legal & Regulatory Compliance (5)

Policy & Standards Development (5)

Information Risk Management (5)

Risk Assessment (5)

Incident Management & Response (5)

Innovation & Business Improvement (5)

Communication & Knowledge Sharing (5)

Additional Information

These positions are full-time and permanent. The work structure is hybrid.
The team offers:

An opportunity to work within one of the world's leading fashion groups.

A significant chance to enhance cyber security on a global scale.

Opportunities for professional and personal development through educational programs and networking.

Benefits

H&M Group provides attractive benefits and extensive development opportunities worldwide. Employees receive a staff discount card applicable to all H&M Group brands in stores and online. Additional local market benefits may vary based on employment type and location.

Inclusion & Diversity

H&M Group is committed to fostering inclusive, diverse, and equitable workplaces. We value a variety of perspectives and experiences, believing that diversity enhances our ability to tackle challenges and connect with colleagues and customers globally.

We aim for a fair recruitment process and kindly request that candidates refrain from attaching cover letters, as they may introduce unintentional biases.

Company Overview

H&M Group encompasses a family of brands, including H&M, COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, and Afound. Our people drive our commitment to fostering meaningful growth and promoting sustainable lifestyles. Join us in reimagining fashion and reshaping the industry.


