Head of IT Security Assurance Frameworks

About this opportunity:

The IT Security Team are a global unit tasked to develop and maintain the central IT Security Framework, drive risk management and supporting internal and external audits related to IT Security and supervise Ericsson's IT Security posture by continuously assessing the efficiency of IT Security controls across all Information Technology environments within Ericsson.

In this role you will have the chance to be part of a hard-working distributed team dedicated to fulfilling Ericsson's emerging journey building a strong, resilient, purposed and balanced IT Security capability. Mandated to protect our company assets from emerging threats and risks, you will together with your colleagues lead the way to develop the future IT Security concepts and technology roadmaps in Ericsson.

What you will do:

• Provide strategic leadership for the development, implementation, and continuous improvement of IT security framework and compliance program.
• Ensure performance, security and other standard methodologies. Steer projects to align to guidelines and directives.
• Lead the development and maintenance of comprehensive IT security policies, standards, and procedures.
• Ensure that security policies are consistent with industry frameworks (e.g., ISO 27001, NIST, CIS Top 18, etc.) and regulatory requirements.
• Oversee and supervise compliance with internal security policies, industry standards
• Provide preparation for security related audits & assessments carried out by internal and external audit parties and coordinate the remediation effort of any identified non-conformities / observations.
• Implement and lead a robust IT Security Risk management program, including regular risk assessments and mitigation strategies.
• Collaborate with multi-functional teams to address identified risks.
• Conduct periodic drills and exercises to test the effectiveness of the IT Security Controls.
• Ensure that employees understand and adhere to security policies and procedures.
• Stay abreast of emerging security threats, technologies, and industry trends.
• Recommend and implement improvements to the security framework and compliance program based on evolving risks and challenges.
• The ability to externally and internally convey your proven general security and compliance experience and support Ericsson's security posture to key decision makers.
• Communicate effectively with internal and external stakeholders on security and compliance matters.
  

The skills you bring:

• Minimum of bachelor's degree in computer science, cyber security, information security telecommunications or related technical area, or equivalent practical experience.
• Minimum of 18 years experience in information & IT security and/or IT risk management with a focus on security, performance and reliability.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent.
• Solid understanding of industry standards, frameworks, and regulations.
• Exceptional interpersonal, leadership, team management and communication skills including strong listening, negotiation, persuasion and facilitation skills with all levels of leadership and employees.
• Collaborative, team-player with ability to work across domains, in teams, across geographies and cultures. Ability to build effective relationships and excellent social, communication and consultative skills.
• Demonstrable ability to collaborate with multi-functional teams of business, IT and other key partners. Strategic approach with an analytical, structured and result oriented approach.