Lead Cyber Security Governance, Risk and Compliance Specialist

6 days ago


Stockholm, Stockholm, Sweden H&M Group Full time

Job Overview

The Cyber Security Governance, Risk, and Compliance (GRC) division is integral to integrating established standards and regulatory frameworks within the information and IT security landscape of H&M Group. This role encompasses responsibilities related to compliance auditing and the oversight of identifying, evaluating, and mitigating technology and cyber security risks.

Key Focus Areas:

Governance: Establishing a structured approach to cyber security by aligning processes and functions to achieve organizational goals and enhance the security culture.

Risk Management: Identifying, addressing, assessing, mitigating, and monitoring cyber security and technology-related risks.

Compliance: Ensuring adherence to existing and emerging global and local laws, standards, and regulatory requirements concerning cyber security.

Resilience: Maintaining the ability to deliver intended outcomes even in the face of challenging cyber incidents.

We work collaboratively with various departments within the organization, continuously striving to enhance our services and processes.

Our objective is to implement a unified, systematic, and risk-based approach that empowers H&M Group to achieve a robust and resilient cyber security posture compliant with all relevant regulations. The advantages include reduced costs, minimized redundancy, improved visibility into risks, enhanced data accuracy and consistency, and better alignment among stakeholders.

We are seeking four senior team members for the GRC unit. In this capacity, you will report directly to the Unit Manager for Cyber Security GRC. The roles focus on the following areas:

Risk Officer:
Responsible for the strategic upkeep of H&M Group's Cyber Security Risk Management Framework on a global scale, while driving ongoing risk initiatives at both enterprise and operational levels within BT Cyber Security.

Compliance Officer:
Tasked with maintaining H&M Group's Cyber Security Common Control Framework (CCF) and managing exception and exemption processes across applicable markets, as well as strategically designing the annual Audit Plan and Program for H&M Group and its vendors.

Resilience Officer:
Accountable for the ongoing enhancement of H&M Group's Cyber Security Resilience initiatives across all relevant organizational segments, employing a systematic risk-based approach that incorporates Business Continuity, Disaster Recovery, and Crisis & Incident Management.

GRC Officer:
Engaging in all GRC domains, assisting with daily operations and specific improvement initiatives and projects.

All four roles are expected to:

Define policies, processes, and procedures, while creating and maintaining instructions, guidelines, and templates.

Collaborate closely with internal and external stakeholders within their areas of responsibility.

Continuously seek opportunities to introduce more effective and efficient controls and methodologies within cyber security.

Qualifications

Candidates should possess 5-10 years of expertise in cyber security and/or GRC-related functions, with documented knowledge relevant to the specific focus area applied for:

Risk Officer:
Experience in implementing risk management strategies associated with cyber security, including identification, analysis, and mitigation planning at both enterprise and operational levels.

Compliance Officer:
Familiarity with legal requirements, best practices, and standards related to cyber security, and experience working with Qualified Security Assessors (QSA) and auditors.

Resilience Officer:
Expertise in developing a robust and resilient cyber security environment through business continuity and disaster recovery strategies, as well as effective incident and crisis management practices.

GRC Officer:
General experience in GRC-related tasks.

To excel in this role, candidates should demonstrate:

Significant experience in guiding a global organization toward a robust, resilient, and sustainable approach to modern technology or cyber security.

Extensive knowledge of legal regulations, international standards, and best practices in cyber security risk management, including ISO 27000/22301/31000, NIST 800, PCI-DSS, GDPR, NIS2, DORA.

Proven experience in implementing and managing cyber security-focused controls.

Strong background in collaborating with Qualified Security Assessors (QSA) and auditors to facilitate valuable independent audits of an organization or division.

A collaborative mindset, as this role requires close interaction with various internal and external stakeholders.

Skill Requirements:

We utilize the Chartered Institute of Information Security (CIISEC) roles framework. More information about the skills and levels can be found on their website:

Governance (5)

Legal & Regulatory Environment & Compliance (5)

Policy & Standards (5)

Information Risk Management (5)

Risk Assessment (5)

Incident Management, Investigation & Response (5)

Innovation & Business Improvement (5)

Communication & Knowledge Sharing (5)

To stand out, candidates may possess some of the following skills/qualifications:

Information Security Strategy (5)

Business Skills (5)

Management, Leadership & Influence (5)

Behavioral Change (5)

Third Party Management (5)

Additional Information

These are full-time permanent positions. We have a hybrid work structure.

What the Team Offers:

An opportunity to work within one of the world's largest fashion groups.

A significant chance to enhance cyber security on a global scale.

Extensive opportunities for professional and personal development through educational programs, networking, and conference participation.

Benefits

H&M Group provides all employees with attractive benefits and extensive development opportunities worldwide. Employees receive a staff discount card applicable to all H&M Group brands in stores and online. Brands included in the discount are H&M (including Beauty and Move), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, and Afound. Additionally, all employees participate in the H&M Incentive Program – HIP.

Beyond global benefits, local markets offer various competitive perks and benefits, which may vary based on employment type and location.

Inclusion & Diversity

H&M Group is committed to fostering inclusive, diverse, and equitable workplaces across the organization. Our teams should comprise individuals with diverse backgrounds who share and combine their knowledge, experience, and ideas. A diverse workforce positively impacts our approach to challenges, our perceptions of possibilities, and our relationships with colleagues and customers worldwide. Therefore, all diversity dimensions are considered in our recruitment process.

We strive for a fair and equitable process and kindly request that candidates refrain from attaching cover letters to their applications, as they may inadvertently introduce biases.

Company Overview

H&M Group is a collective of brands, including H&M, COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, and Afound. Our people are the driving force behind our commitment to fostering meaningful growth and promoting sustainable lifestyles. Join us in reimagining fashion and reshaping our industry.


