Information Security Manager

Come help us create a better everyday life for the many people. That’s the IKEA vision. We do that by offering a wide range of home furnishings with good design and function at prices so low that as many people will be able to afford them.

Do you value simplicity, cost-consciousness, a humble attitude, and willpower? Then an IKEA career may be right for you.

We strive for excellent leadership to lead business and people together. We believe people learn and develop best when they perform and deliver in the real world.

Purpose

Responsible for overseeing and controlling all aspects of information security in the group. The job entails planning and carrying out security measures that will protect a business’s data and information from deliberate attack, unauthorized access, corruption and theft.

Accountabilities

• Dealing with risks that include DoS attacks, hacking and unauthorized access to a computer systems, phishing, viruses, spyware, worms, Trojans, the abuse of permission granted to authorized system users, pharming and ransomware.
• Assessing the risks to computer systems and planning to minimize possible threats
• Upgrading existing security systems or designing new ones
• Testing security products and evaluating them
• Simulating security breaches to test procedures
• Making plans for disaster recovery in case security is breached
• Carrying out corrective actions in the event of a breach
• Looking for weak points in the system and securing them
• Ensuring that international and national network security standards are met
• Preparing technical documentation and reports for users and managers.
• Provide information security awareness training to organization personnel
• Creating and managing security strategies
• Oversee information security audits, whether by performed by organization or third-party personnel
• Evaluate department budget and costs associated with technological training
• Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement
• Implement and oversee technological upgrades, improvements and major changes to the information security environment
• Serve as a focal point of contact for the information security team and the organization and external parties
• Manage and configure physical security, disaster recovery and data backup systems
• Communicate information security goals and new programs effectively with other department managers within the organization.
• Work closely with the Head of Risk & Compliance and senior IT Services stakeholders to ensure that appropriate security guidance is provided to support project delivery;
• Designing and implementation of standards, policies, guidelines and appropriate architectural principles to ensure the firm’s cyber security goals continue to be met.
• Provide risk based direction in conjunction with IT Services for future system enhancements in line with the overall firm’s strategy
• Recognize potential opportunities for enhancing the firm’s security, ensuring minimal impact to practitioners
• Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies
• Take ownership and ensure Governance, Policy and Procedures in relation to Management of Information Security meets agreed standards within the group.
• Manage information security escalations from the Security Operations Center

• Bachelors or master’s degree in cyber security, software engineering, computer engineering or equivalent.

Experience

• 5+ years in information risk and information security management
• Familiarity with regulatory requirements related to handling information, including SOX, HIPAA, and Payment Card Industry/Data Security Standard (PCI) and data privacy regulations.
• Proficiency with firewalls, endpoint security, mobility management, and vulnerability scanning
• Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies
• Strong technical abilities, combined with business understanding
• Ability to present security topics to a non-technical audience and presenting the business value of security
• A good understanding of IT networking and access management concepts
• Implement proactive and reactive controls and tools to capture the information security risks and minimize the impact
• Working knowledge of Security Architecture and potential security issues related to them PaaS, IaaS, SaaS and understanding of IAM, and Data Loss Prevention in a Microsoft Azure environment
• Knowledge of security technologies such as IDS/IPS, vulnerability testing and Firewalls      

Specific Designations, Certifications, Licenses

• CISSP (Must)
• CISA (Must)
• CRISC / SABSA (Preferred)
• ISACA Certified Information Manager (Must)