
IT Security and Compliance Manager
Stockholm, AB


Job Description

Company Overview

Senior IT Security and Compliance Manager

The Sr. IT Security Compliance Specialist, under limited supervision, will be responsible for supporting the Information Security and Compliance Program. They must be a highly motivated individual with excellent organizational skills and the ability to stay on top of a variety of commitments and deadlines; they must be able to work independently and as part of a team to manage their workload and report on problems or progress in a timely manner.

The Sr. IT Security and Compliance Specialist will be responsible for bridging the gap between compliance and information security by supporting policy and standards development. They will perform risk assessments, gap analysis and overall security controls guidance for security standards, primarily ISO 27001, but also National Institute of Standards and Technology (NIST 800-53) and other security frameworks. They should be comfortable interpreting business risk and prioritising remediation activities with IT and the business. The Sr. IT Security Compliance Specialist will also perform Plan of Action and Milestones (POAM) activities to track remediation efforts, complete security risk tracking and reporting, and support Information Technology audit preparation and response.

The ideal candidate will be a self-starter with an inquisitive, analytical mind that constantly looks for solutions to difficult problems. They must have technical knowledge and/or experience in information security and the ability to communicate information security risk, controls and mitigation strategy to management at all levels of the business. They will be goal oriented, with the ability to work with limited supervision within an evolving and entrepreneurial environment. The Sr. IT Security Compliance Specialist will work across all business units and be proficient in managing multiple workstreams at the same time.

Essential Knowledge, Skills and Abilities

* Be able to implement and manage ISO 27001:2013 Information Security Management Systems (ISMS)
* Able to lead compliance program/project initiatives, audits and benchmarking of security policies against good practice and standards, including ISO 27001:2013
* Undertake information security risk assessments, control gap analysis, security incident response and security investigations
* Participate in and lead internal or external ISO 27001 certification audits
* Assist with analysis and documentation of audit remediation actions
* Identify and recommend cost-effective improvements to security practices
* Coordinate security responses to RFI/RFP and customer questionnaires
* Take part in discussions with customer security teams and auditors regarding security and related interests during pre- and post-sales activities
* Review supplier and customer security contract terms against current SAS policies and processes
* Effectively communicate information security principles and practices to technical and non-technical audiences
* Create and help administer security training programs and practices
* Perform other duties, as assigned
* Work primarily across the Nordic countries; travel and stays abroad will be expected

The candidate should also be able to demonstrate:

* Strong time management skills (schedules, timelines, and task prioritization) and ability to work with minimal supervision or guidance
* Excellent communication, analysis and process flow skills
* The ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity
* Excellent planning and organisation skills
* Proven ability to manage projects
* Strong time management and prioritisation skills
* Experience with ServiceNow issue management ticketing system

Education

Bachelor's degree in a quantitative field, preferably in Computer Science, Information Technology, or a related discipline.

CISSP, CISA, CISM, or CRISC certification

ISO 27001:2013 Lead Auditor or Lead Implementer trained

Equivalency:

Equivalent combination of education, training, and relevant experience may be considered in place of the requirements above.

About SAS:

SAS believes in the whole employee experience. Meaningful work. Empowerment to make a difference that changes people's lives. Dynamic work environments that foster innovation. And an award-winning culture that makes it all possible. We believe great ideas can come from anywhere. Whether you're a university recruit, or an experienced professional ready for the next big challenge, SAS brings perks, passion, and the potential to grow. No limits.
