Skip to main content

Information Security & Data Privacy Leader

Spreitenbach, Switzerland - Explore location Spreitenbach IT & Digital Solutions Full time

Job description

Who you are

As a person you are motivated to lead the organisation in understanding the value that the function brings and how it makes a positive contribution to the business objectives. You strive for being able to provide real business value driving the protection and compliance of country information assets with a big focus on data. The IKEA Business and our values and how they apply to Data Privacy is your passion. Furthermore, you enjoy solving potential business risks by mitigating non-compliance by using your expertise to identify relevant IT security and privacy controls and you have the energy to keep up-to-date with changing legislation, to interpret the applicability to the country and learning new methods in using data. Last but not least you share and live the IKEA culture and values.

We believe you have a couple of years of experience working directly with Data Privacy (projects/ programmes) and some experience from working with IT Security, demonstrating a working knowledge of which controls can mitigate certain risks. We think you have a CIPP/x or equivalent certifications, strong knowledge in industry standards, such as ISO27001, NIST Cybersecurity Framework, etc. and expert knowledge of data privacy legislation and what controls are needed to secure compliance. You also possess knowledge in the risk management process, ability to perform risk assessments and to advise on needed IT mitigating controls.
You are appreciated for your strong communication skills, being able to convey the security and privacy message to the wide spectrum of co-workers and stakeholders. And you have the ability to demonstrate a risk-based approach to decisions concerning and capability to understand how security and data privacy controls can mitigate business and information risks. If you are passionate about data management in general, not only in the area of Data Privacy it is seen as an advantage.

You have knowledge in following areas:

• expert knowledge of local and EU (GDPR) Data Privacy legislation and how this impacts business operations.
• knowledge of IT Security controls and industry best practices in IT security.
• solid understanding of Privacy by Design and how to operationalise this concept within the local country.
• broad knowledge of potential information risks for the country organisation, its co-workers, customers, and suppliers and how Information Security can mitigate these risks.
• good knowledge of and proven experience with the Risk Management Process.
• Have strong English language skills, and a good knowledge of German.

What you need to know

To protect our brand, as a leader in information security and data privacy, you will implement the national information security and data privacy strategy and promote compliance to relevant internal steering documents and international information security and data privacy regulations. Additionally, you will operationalize Privacy by Design practices and promote a Privacy by Design culture across the nation. Additionally, you will assist the owners of information and business process in integrating the required information security requirements into their procedure or solution.

You will:

• secure the effective implementation of the Group Information Security and Data Privacy strategy and common Group Digital goals in your country
• be a key business partner, securing the ‘Security and Privacy by Design’ concept and integrating the function into business processes and compliancy in projects.
• secure the use of the mandatory learning solutions throughout the organisation, collaborating with the Competence Development team to ensure effectiveness
• have accountability for the Information Security and Data Privacy incident management process, supporting with contact with local regulators and/or individuals, decision material and escalations as required
• secure Personal Data Management activities such as Personal Data Inventory and Mapping are completed
• manage local suppliers in the full lifecycle of activity from a Data Privacy and Information Security perspective, from selection through to contracts and continuous measurement activities
• keep updated on current and emerging security and privacy trends, threats, tools as well as changes in legislation within the area of Data Privacy and applicability to the organisation
• secure the process for Individual Rights requests and ensure that this is followed
• work closely with the Data Management Leader in making sure we utilise our data assets in the best way possible.

In this role you will report to the Country Digital Manager.

About this work area

In 2019 we started a new Digital organisation, expected to be the local business partner responsible for Digital, working as a seamless part of the global Ingka Group Digital organization. We are accountable to lead and drive the Digital agenda and transformation. And to ensure IKEA Digital products and technology are delivered with excellence to meet the needs of customers and co-workers to enhance the whole IKEA shopping experience.

We have built up an effective and efficient Digital organisation to support IKEA business processes by maintaining, developing, and supporting smart, simple, and reliable Digital products and technology. Our footprint in the Swiss Retail organisation, is much stronger than ever before, and we are now a natural part of the business plans, influencing our future with the digital roadmap on all levels, functions, and units. Knowledge of data privacy and the usage of data is and will be a key part of our work in the future. By by siding with customers and co-workers we make sure our compliance is up to date and follows what´s expected from a legal and ethical point of view.

Questions and support? Let's connect!

In case you have questions regarding the position as such please contact Country Digital Manager Ann Ström at