The IS & BC Lead is responsible for maintaining information security management and business continuity framework to ensure that assets and business processes are adequately protected. This position is responsible for identifying, evaluating and reporting on IS & BC risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. This position´s focus in information security is on Information Security Management System and physical security set-up. IT and cybersecurity related activities are carried out in cooperation with Ericsson IT department.
As an IS & BC Lead, you will:
- Develop, maintain and publish up-to-date information security and Business Continuity policies, guidelines and procedures. Oversee the approval, training, and dissemination of security and business continuity policies and practices.
- Monitor the external threat environment for emerging threats, and provide regular reporting on the status of the security and business continuity risks to teams and senior business leaders
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security or business continuity event. Provide direction, support and in-house consulting in these areas.
- Understand and interact with related disciplines to ensure the consistent application of policies and standards across all business units, including, but not limited to, privacy, risk management, compliance and business continuity management.
- Ensure that security programs comply with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Liaise among the corporate security and business continuity teams as required.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
In this role, it is important you have:
- Higher education (Bsc, BA or higher)
- 2-year experience in the field of information security and/or risk management
- Knowledge of ISO 22301, ISO 27001 (Lead auditor or Lead Implementer certifications preferred)
- Good written and verbal communication skills and strong organizational skills
- Project management skills: financial/budget management, scheduling and resource management
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals
- Experience developing and maintaining policies, procedures, standards and guidelines
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
- Opportunity to grow in diverse team and develop your career with us
- Influence industry 4.0 development
- Engaged and speak up environment
- Work & life balance, sport opportunities etc
Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.
Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.
Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.