Head of IT Controls & Compliance - Aarhus
Would you like to head the IT security risk management agenda in Arla and set the policies and requirements for appropriate risk mitigation in support of Arla’s information security programme? Are you an experienced risk management professional with a specialty in the information security areas? If so, this position as Head of Information Security can give you the opportunity to drive an information security agenda within a global organisation.
Help protect Arla’s sensitive information
We are seeking a profile to drive Arla’s global information security agenda and the information security control & compliance programme. Sitting within our global Risk, Controls & Compliance function, you will have an outstanding mission securing Arla’s global IT security – in close cooperation with Arla IT and external service providers. To do so, you will define the overall policies and requirements for our global IT operations and via IT security reviews monitor that we adhere to this on a global scale.
Another important part of your job will be to drive the IT security awareness, communicate the cyber resilience agenda, secure buy-in to the IT Code of Practice and ensure these are anchored among a broad range of stakeholders. You will proactively ensure the Arla group has a strong awareness of the significant and scalable P&L impact of the cyber security agenda
In addition, you will align policies and procedures with information security architecture and roadmaps with key stakeholders. Furthermore, you will facilitate the annual external IT audit, liaising with external auditors and reviewing / taking actions on the report. As Arla grows internationally through merger, acquisition or joint ventures, you will have a consultancy role on the local IT setup to ensure compliance and best practice.
As you can see, this is senior role with a large responsibility, as your area of liability will have the full attention of the top management.
Strategic approach to risk management
Our ideal candidate will have 4 years + experience within a similar position (i.e. Chief Information Security Officer) in a global organization, or as an IT Auditor used to solving information security projects for large and complex clients. You will have at least one of the following certifications: CISM, CRISC, CISA, CISSP or ESL.
You have a strong risk management focus and a track record of using this to deliver outstanding results, using structured and strategic insights. At the same time, you ensure that the operational tasks are handed to relevant stakeholders in order to dedicate your focus on the strategic elements of the job.
You will be highly skilled at identifying and analyzing both existing and new risks to our technology. We expect a strategic and business focused analysis, in order to determine what actions are necessary to mitigate the risk. So you must be able to combine inquisitiveness with a level of discipline around how you approach problems and implement solutions. The ability to challenge stakeholders at a senior level is important, to communicate the impact of identified risks, and gaining buy-in for related mitigation tasks.
An ability to have a strong understanding of technical and complex IT topics, but also able to communicate this to a non-technical audience is crucial to your success.
Application and contact
For additional information, please call Director, Risk, Controls & Compliance, Lars Schjøtt Jepsen on +45 91 31 60 51. If you want to seize this exciting opportunity, please apply as soon as possible but not later than 19 October 2018.