Role: Information Security Consultant
Level: Senior
Location: Stockholm, Sweden
Remote work: Up to 25%
Duration: 9 March 2026 to 30 November 2026
Weekly hours: 40
About the assignment
This role sits within the Governance, Risk and Compliance area of cyber security. The focus is on keeping the organization's security posture strong, adaptable and aligned with business needs. The work spans three main areas: setting up clear governance structures, managing cyber and technology risks throughout their lifecycle, and ensuring the company meets relevant laws, standards and regulatory expectations globally.
You'll be part of a team that makes sure security practices are consistently applied across all H&M markets. The position involves close collaboration with teams throughout the organization and contributes to ongoing improvements in both processes and services.
The role takes the lead in shaping and maintaining the governance framework, overseeing risk management activities, ensuring compliance with international standards, and supporting resilience through continuity and crisis-related work. It requires a deep understanding of cyber security principles and the ability to translate strategy into concrete action across the H&M Group.
Responsibilities
In this role you will:
Help develop and refine the organization's cyber security GRC frameworks.
Ensure governance models and security policies are accessible, clear and adopted across all parts of the business.
Lead and support cyber risk assessments at both enterprise and operational levels, maintaining central risk registers.
Create audit and control-testing plans and evaluate compliance and control performance.
Promote continuous improvement by identifying more effective controls and streamlined processes.
Work closely with internal teams and external partners, including vendors, to manage cyber risks and ensure alignment with internal requirements and contracts.
Act as a visible representative for cyber security, making complex topics understandable to non-specialists.
Qualifications
Around 5 years of experience in cyber security within a global environment.
Approximately 3 years working specifically with governance, risk and compliance.
Relevant education in GRC or information/cyber security (university degree, vocational diploma or equivalent experience).
Solid understanding of regulatory compliance in an international context.
Strong knowledge of cyber security standards and frameworks such as ISO 27001, ISO 31000, ISO 22301, NIST CSF or C2M2.
Demonstrated experience in risk management and reporting for global organizations.
Background in designing and maintaining cyber security frameworks.
Experience collaborating with auditors and QSAs in assessments and certification processes.
Excellent English communication and collaboration skills.
Experience promoting security awareness and contributing to a positive security culture.
Strong change-management capabilities.
Preferred certifications
Required skills
Regulatory compliance and audit experience
Strong stakeholder-management and communication abilities
Cybersecurity risk management
Governance and framework development
Security culture and change-management experience
Knowledge of security standards and best practices
Security control design and testing
Familiarity with ISO 27001, ISO 31000, ISO 22301, NIST CSF
Proficiency in English
Recruitment Partner: Sperton
This position is exclusively managed by Sperton, a global talent partner connecting high-performing professionals with leading organizations worldwide.