IT Risk and Compliance Manager
We believe in security by design and privacy by design, and in enabling our teams to work proactively with risk management and cybersecurity. The IT Risk and Compliance Manager will work in the areas of Governance, Risk & Compliance to ensure cyber security and data protection across SAS operations. In this role, you will be responsible for IT risk management, including vendor risk management, data privacy policies and standards, governing risk management and data privacy processes, and ensuring compliance with these. You report directly to the Head of IT Ops and SecOps, and you are a vital part of the SAS Cybersecurity Skill Hub.
As IT Risk and Compliance Manager, your main responsibilities are to:
• Work together with the different teams within Digital and IT to enable the teams to work more hands-on with risk management and cybersecurity
• Develop and enhance cyber and data security policies, control objectives, controls, risk management processes and standards aligned with information security regulations, best practices, and frameworks
• Oversee and drive the cyber risk management processes, incl. cybersecurity controls follow-up and vendor risk management across SAS
• Align key stakeholders on cybersecurity policies and data privacy, and guide and enable cybersecurity and data privacy practices across the organization
• Assist with internal and 3rd party audits and address associated findings, such as EASA, IOSA and PCI-DSS
• Own, develop and be system administrator of our IT risk and privacy management system OneTrust
To be successful, we believe you should have:
• A degree in Information Security, Privacy Management, Information Systems or Computer Science is preferred, or commensurate relevant work experience
• Minimum of 5 years’ experience with focus on regulatory compliance and involvement in either data privacy management or cybersecurity management
• In-depth knowledge and understanding of global privacy legislation (e.g., GDPR)
• Knowledge and experience of cyber security standards. Specific knowledge of NIST Cyber Security Framework seen as an advantage
• Experience in translating privacy and/or security regulations into workable and implementable policies and processes
• Experience in implementing enterprise IT risk and privacy management systems, experience from OneTrust seen as an advantage
• Fluent in English, Swedish or other Nordic languages considered as an advantage
• Experience from aviation, e-commerce and/or from large enterprises seen as an advantage
• Experience from working in a developer-intensive organization close to development teams seen as an advantage
Personal qualifications
• Professional with a positive attitude and capable of contributing to a dynamic and team-oriented culture
• Strong analytical and interpersonal communication skills, including the ability to communicate effectively and build consensus with teams across organizational lines
If you feel inspired by the position and feel this is the right challenge for your career, we are looking forward to receiving your application and CV!
SAS, Scandinavia's leading airline since 1946, operates from its principal hub at Copenhagen Airport (CPH), complemented by hubs in Oslo (OSL) and Stockholm (ARN).
Our mission is to connect Scandinavia with the world and the world with Scandinavia. Each year, SAS serves more than 25 million passengers and transports 55 tons of cargo to 135 destinations across Europe, the USA, and Asia. With a passionate workforce of over 10,000 colleagues, we collaborate with partners and customers to drive transformative changes in aviation. We are committed to achieving net-zero emissions by 2050, embodying the visionary spirit of our founders: “To move from the old to what is about to come, is the only tradition worth keeping”. Innovation and societal progress are at the heart of everything we do.
For more information, visit our website at www.flysas.com or follow us on social media for the latest updates and promotions.