Schibsted is an innovative and entrepreneurial leader in the Nordics, with a proven track record of success. Our philosophy is built on challenging the status quo to lead the market. The CISO function within Schibsted must innovate our security culture to design a security management approach that protects our trust, motivates our culture and enables our competitiveness. This requires a risk-based approach of security integration into our corporate and brands strategies, processes and technology.
Schibsted's Chief Information Security Officer, CISO, must be transformation leader within the organization to improve the Schibsted Media Group's overall security maturity. This leadership role will work across business units to drive security improvements to shape Schibsted's future. This is a critical role necessary to protect the digital trust of Schibsted's well-known brands for our customers.
Schibsted's CISO reports to the CIO with a directive to build a security governance team, act as a center of excellence, working with the Enterprise Technology organization and across Schibsted's business to protect data security and operations. The role needs to balance security with business agility to drive strategic improvements to meet the security governance challenges of today and the future. The role will be based in Stockholm but work across Schibsted's GRC and security functions in the regions.
Schibsted's CISO holds overall Security Management responsibility coordinate through the CIO with the following key functional activities for security at Schibsted:
- Maintenance and development of Schibsted Security Management System, covering the development and enhancement of security policies, guidelines, and standards
- Security Performance Reporting, including weekly and monthly reports, analyzing security risks, corrective and KPIs
- Supplier Security Assurance and risk management, developing and maintaining an appropriate security lifecycle to appropriately manage 3rd party service and technology security risks
- Integration and alignment of privacy demands and requirements to appropriate protection and maintain compliance with GDPR regulations across Schibsted's operations
- Overall security incident management, including Data Breach, strategy and compliance processes aligned with business unit demand, resourcing, and reporting requirements
- Maintenance and development of Enterprise Technology security service strategy with integration into corporate service architecture and capabilities
- Security architecture and consulting, as a center of excellence, to advance and enhance security automation, tooling and security governance controls
- Overall security awareness program design and management aligned to employee competency requirements
- Security assessments, auditing, and compliance to improve and measure the maturity of Schibsted companies, functions and Enterprise Technology
Knowledge and Skills:
- Team recruitment, management, and development to support strategic activities and responsibilities
- Security evangelist across Schibsted to promote, change and integrate security governance across Schibsted business and operations
- Strategic design and maintenance of security policies, guidelines, and standards shaped to meet Schibsted's innovative, agile and entrepreneurial culture
- Security Forum leadership to promote, coordinate and advance security standards and controls to mitigate security gaps and implement corrective actions
- Plan and implement security assessments and audits aligned to risk priorities to mature the security culture and most effectively manage business risks
- Supplier Security Assessments and process design, including automation and coordination with GDPR privacy compliance requirements
- Create, deploy and acquire appropriate security awareness content and courses to raise and improve overall security awareness aligned to applicable audiences, from developers to general employees
- Enterprise Technology security architect and design resource with a focus on integrating security capabilities into corporate IT services and processes.
Background and Experience:
- Working application security expertise across cloud IaaS and SaaS environments, including direct security management experience with AWS, Google or Azure
- Secdevops knowledge and implementation expertise, inclusive of automation of vulnerability scans and security compliance tools
- Diverse security expertise legacy data center environments to container orchestration
- Excellent verbal and written communications skills, inclusive of policy, guidelines and standards development and implementation
- Working practical knowledge of full security suite of controls from identity access management across network and application security with both on-premise and SaaS-based application solutions
- Comprehensive familiarity with operations and security technical compliance maintenance of IAM, PAM, Next-Gen Firewalls, IDS/IPS, HIPS, WAF, SIEM, DLP, UEBA/CASB or similar security technologies
- Design and implementation of security management systems aligned to ISO 20000, ISO 22301, and ISO 27001 or similar such as NIST of CIS Critical Security Controls
- Practical knowledge of GDPR security technical and organizational controls implementation across a dynamic and diverse business and technology environment
- Proven leadership experience in a diverse and international environment
- Passion for security and people with the ability to motivate and change corporate culture
- Over 5 years experience in a security leadership role with team management responsibilities
- Technologist with practical expertise and implementation success to design security tools to meet business requirements
- Excellent leadership and communications skills and know-how with an entrepreneurial spirit
- Ability to proactively solve problems and react to security challenges in real-time
Schibsted is a dynamic innovative environment, where a CISO can help build and lead the company to meet the technology demands and product challenges of the future.
Background check is part of the recruitment process for final candidates.