Text size
aA+ aA-
Click here to print

Cyber Security Advisor to h&m Group

Country : Sweden Sweden


Category : Logistics

Contract type : Permanent

Availability : Full time

Company presentation

Company Description
Shaping the future of fashion with people, data, and tech - The fashion and retail industries are going through a transformation, driven by customers technology and sustainability expectations. At H&M Group, we want to shape the future of retail by harnessing the power of smart tech and data. With our 74-year history of innovation, we understand the need to collaborate and co-create with engineers and tech specialists around the world to achieve our vision.
To provide a secure, trustworthy and always available experience to our customers, we are now establishing the H&M Group Cyber Security center of excellence. We are a global and diverse team of security engineers, specialists, analysts and architects whose main mission is to protect our customers, colleagues and company. Together we manage core security capabilities, build a culture of security, enable teams to create secure tech, and detect and manage threats. By joining this fast-growing center for excellence, you will have the opportunity to truly make an impact for millions of customers and employees. 

Job description

Job Description

As the fashion and retail industries are changing, H&M Group is on a mission to cater for protecting the security risks that comes with that. This is where you come in. We are looking for you who would love to contribute to change by coming along a team of Cyber Security advisors in Stockholm, and together protect our customers, colleagues and company.

What you will do as Cyber Security Advisor

As a Cyber security advisor you will play an important role in shaping a security mindset in an organization that is very retail oriented. Your main objective is to guide teams about the potential security risks and to help keep H&M Group secure.

By coaching, facilitating risk workshops and threat modelling sessions and making sure teams enhance security by collaborating with different stakeholders internally, you will improve the general security level for the whole group.You will be a part of improving way of working, implementing guidelines and using your practical experience to help teams embed security into business processes, IT solutions and systems. You will also perform assessments of third-party risks from our vendors and partners.

We believe you have experience and best practice knowledge in the area of information security as well as the ability to translate security-related information to a technical and non-technical audience, preferably in an agile environment.



Furthermore, we believe you have some of the following:

CCSP, CISSP, CISM, CISA certifications and/or experience from work within the area of GDPR, risk management, third-party security. Furthermore, you are familiar with standards and frameworks like the ISO 27000-series, NIST and CIS benchmarks/controls.

In addition, we would like you to have a comprehensive understanding of cloud security concepts and principles with an ability to identify and assess cloud-specific vulnerabilities and threats, e.g. for the Microsoft Azure or Google Cloud Platforms, something that most likely comes from practical experience in managing and/or advising an organization on their cloud security program.

In this role, driving change through good communication is key. Together with a team of advisors, you will be responsible to contribute to the right security mindset through the whole organization. We therefore believe you are a good listener, pragmatic and have a coaching approach.
Click here to print