Senior Information Security Specialist

Senior Information Security Specialist: Governance, Risk & Compliance, Copenhagen

It is an exciting time to be joining Carlsberg’s Information Security team as we are implementing a new ISMS. As a part of the Information Security Governance, Risk and Compliance team, you will work in a truly global and diverse organisation.

What you’ll be doing

Carlsberg is implementing a new global ISMS and we are therefore enhancing our risk management capabilities. One of our key objectives is to ensure that we can bring forward the right information for our top management to make risk-based decisions within cyber and information security.  You will help develop the ISMS, polices and standards, as well as carrying out risk management activities ensuring that the relevant risks are reported into the ISMS and you will help advice the rest of the organisation on how to ensure compliance with legal requirements, internal policies as well on how to support business objectives.

As a Senior Information Security Specialist in the GRC team, you will work with various tasks within the area of Risk management, Governance and Compliance. The GRC team is located within Carlsberg´s global information security function.

In your role you will:

• Play a key role in implementing key ISMS processes and information security risk management throughout the organization
• Be active in driving change management activities in the organisation to implement the ISMS
• Maintain and develop risk management processes and facilitate communicate within the organization
• Facilitate annual risk assessments
• Maintain an inventory of assets supporting business critical processes
• Ensure policies, manuals and procedures for the ISMS is in place, reviewed and updated
• Ensuring security objectives and risk appetite are established and agreed on regular basis
• Ensure alignment between the security objectives of the ISMS and risk appetite of top management
• Advice and support the local markets and relevant functions in understanding Group information security and compliance requirements
• Support audits within country units and within Group functions
• Define relevant security KPI’s and Key Risk Indicators
• Collect KPI’s and KRI reporting data from relevant functions and local markets
• Facilitate Information Security Board meetings and decisions on risk treatment
• Ensure ongoing alignment with relevant group functions and local markets

What we’re looking for

• A strong compliance and risk management profile who is able to translate legal requirements into pragmatic and actionable solutions
• A person who enjoys working in an international and multi-cultural environment
• A strong communicator with experience in managing change in an organisation
• A person with a systematic approach to navigating in a complex environment
• A team player who enjoys engaging with many stakeholders outside of the Information Security function
• A person who finds it equally exciting to help define and build processes as well as managing them
• An advisor who is confident in advising on information security to the business and other relevant stakeholders
• A person who is structured and can balance between having a broad overview and an ability to dive into details
• A person with knowledge of the common security standards and frameworks (such as ISO 27001, CIS18, NIST or similar standards).as well as knowledge about NIS2.
• A security generalist with knowledge of information security controls
• An experienced GRC profile with experience in either implementing an ISMS or working in the context of an ISMS
• A person with experience in working with information security risk management

What you can expect

• Focus on your development
• Fun and informal atmosphere, in a truly global team
• Flexible work environment supporting a work/ life balance
• Great professional challenges and chances to grow
• Company Friday bars, employee benefits and participation in Tech events
• Being part of a company with an enormous heritage and a strong connection with Denmark’s Capital City

You will be based out of our Central Office in Copenhagen, but you will be offered great flexibility in the role. You can expect that the role will require a number of travel days per year.

Carlsberg Integrated Information Technology (IIT)

The information security team is a part of IIT, and we are responsible for securing our information and assets wherever they are. IIT are the global provider of technology services to all business functions, regions, and markets in the Carlsberg Group. This includes solution delivery and operations.  We are a global organisation, and we have a tight collaboration with our local markets in all three regions: Western Europe, Central & Eastern Europe and Asia.

Interested?

Apply today via the link below. Deadline for applying is the 9th February. Please note that we only accept applications received via our applicant system. For relevant questions about the role please contact hiring manager Christina Granborg Lyngsig at christina.lyngsig@carlsberg.com. We read applications continuously, and vacancies may be filled if we come across the right candidate, so apply as early as possible.

We look forward to receiving your application.

Carlsberg Group: Brewing for a better today and tomorrow

For us success has always been in the diverse mix of our people, our beers and our brands. At Carlsberg, we want to recruit and develop people with a global mindset, cultural understanding, and international experience to ensure that our organization stays agile, inclusive and prepared for future growth. Only by acknowledging and harvesting from different perspectives and experiences, will we gain competitive advantage and leverage the effect of diversity for business growth. Carlsberg aims to create equal access to opportunity regardless of social identity, and we encourage everyone to apply regardless of gender, nationality, race, religion or any other characteristics protected by law.