IT RISK AND COMPLIANCE MANAGER

IT Risk and Compliance Manager

We believe in security by design and privacy by design and enabling our teams to proactively work with risk management and cybersecurity. The IT Risk and Compliance Manager will work on the areas of Governance, Risk & Compliance to ensure cyber security and data protection across SAS operations. In this role, you will be responsible for IT risk management including vendor risk management, data privacy policies and standards, governing risk management and data privacy processes, and ensuring compliance to these. You are directly reporting to the Head of IT Ops and SecOps, and you are a vital part of the SAS Cybersecurity Skill Hub.
 

As IT Risk and Compliance Manager, your main responsibilities are to:

•    Work together with the different teams within Digital and IT to enable the teams to work more hands-on with risk management and cybersecurity
•    Develop and enhance cyber and data security policies, control objectives, controls, risk management processes and standards aligned with information security regulations, best practices, and frameworks
•    Oversee and drive the cyber risk management processes, incl. cybersecurity controls follow-up and vendor risk management across SAS
•    Align key stakeholders on cybersecurity policies, data privacy, guide and enable cybersecurity and data privacy practices across the organization
•    Assist with internal and 3rd party audits and address associated findings, such as EASA, IOSA and PCI-DSS
•    Own, develop and be system administrator of our IT risk and privacy management system OneTrust

To be successful, we believe you should have:
•    A Degree in Information Security, Privacy Management, Information Systems or Computer Science is preferred or commensurate relevant work experience
•    Minimum of 5 years’ experience with focus on regulatory compliance and involvement in either data privacy management or cybersecurity management
•    In-depth knowledge and understanding of global privacy legislation (e.g., GDPR)
•    Knowledge and experience of cyber security standards. Specific knowledge of NIST Cyber Security Framework seen as an advantage
•    Experience in translating privacy and/or security regulations into workable and implementable policies and processes
•    Experience in implementing enterprise IT risk and privacy management systems, experinece from OneTrust seen as an advantage
•    Fluent in English, Swedish or other Nordic languages considered as an advantage
•    Experience from aviation, e-commerce and/or from large enterprises seen as an advantage
•    Experience from working in a developer intense organization close to development teams seen as an advantage
 

Personal qualifications
•    Professional with a positive attitude and capable of contributing to a dynamic and team-oriented culture
•    Strong analytical and interpersonal communication skills, including the ability to communicate effectively and build consensus with teams across organizational lines
 

If you feel inspired by the position and feel this is the right challenge for your career, we are looking forward to receiving your application and CV!

#LI-VK1