Stora Enso is a leading provider of renewable solutions in packaging, biomaterials, wooden constructions and paper on global markets. Our aim is to replace fossil-based materials by innovating and developing new products and services based on wood and other renewable materials. See more: www.storaenso.com.
IT Compliance & Risk Specialist
Structured processes are a crucial element of Stora Enso’s transformation strategy. While the development of our business processes, methods and tools is carried out in all units of the company, the Information and Cyber Security unit contributes to this work by engaging with IT and Business and advising on a broad range of Information Security and Risk Management (IS&RM) topics, including Information and Cyber Security, IT Compliance, and Information Risk Management. Ensuring that functional IT asset risks are managed in line with the organisation’s relevant policies, guidelines and processes is also within the responsibility of the unit.
We are now looking for a Compliance & Risk Specialist to strengthen our Information & Cyber Security team. We are searching for a self-driven and independent person who has an analytical mind and great communication skills, especially in English, knows how to handle business stakeholders and is ready to go the extra mile to fulfill the needs of customers.
Main purposes of the job:
To translate industry, government and contractual risk and compliance requirements into IS&RM frameworks, policies, standards and best practices; to ensure delivery of day-to-day operations such as remediation of non-compliant areas across all of Stora Enso's lines of business; and to support internal and external audits in the areas of Information and Cyber Security, Risk and Compliance.
Your responsibilities will be to:
- Run a risk and compliance management framework and associated policies and processes
- Analyse and improve the efficacy of risk and compliance management frameworks, policies, standards and best practices in support of the corporate Information and Cyber Security, Risk and Compliance Programs
- Assist/Coordinate the identification, analysis and assessment of information risk criticality and BIA (Business Impact Analysis) activities
- Measure and assure that controls are in place and managed properly to meet legal and regulatory compliance for the protection of all of Stora Enso's information assets
- Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken
- Review risk and control self-assessment results, and communicate with the service managers/application/systems/data owners regarding key concerns and questions
- Provide expertise around risk and compliance issues and recommend solutions to mitigate and eliminate possible threats/risks to Stora Enso information assets.
- Facilitate risk assessments to periodically re-evaluate criticality of the system, risks, and mitigation strategies
- Capture, maintain and monitor information security risk in one repository
- Contribute to the development and implementation of group-wide IS&RM KPIs across the organisation
- Work with other stakeholders to ensure alignment and holistic approach for the end-to-end IS&RM.
What qualifications do you need to be successful in this position?
- University degree in relevant field or equivalent experience
- Three years of combined IT work experience with a broad range of exposure to IT Risk area, plus one year of experience directly with IT Compliance
- Working knowledge of risk remediation/treatment techniques and implications across all platforms
- Experience in designing and implementing risk and compliance best practices
- Solid understanding and working experience in end-to-end IS&RM processes
- Experience in alignment with business and IT requirements, including translation of business requirements into risk & compliance requirements
- Experience in coordinating efforts between IT and internal/external audit entities to assist in scheduling, resource planning, and remediation efforts
- Ability to network and communicate with various stakeholders in a multi-national matrix organisation
- Excellent communication skills in English (Swedish or Finnish is an advantage)
- Readiness to travel (post-pandemic)
We offer you an opportunity to contribute to Stora Enso’s transformation journey and to acquire a deep understanding of our ways of working and particular challenges. In this position you will be able to build your network in the company and create a sound platform for further development.
Location: Ostrava, other places to be discussed.
Part of the bio-economy, Stora Enso is a leading provider of renewable solutions in packaging, biomaterials, wooden constructions and paper globally. We believe that everything that is made from fossil-based materials today can be made from a tree tomorrow. Stora Enso has some 26 000 employees in over 30 countries. Our sales in 2017 were EUR 10 billion.
Position details
- Stora Enso Wood Products Ždírec s.r.o.
- 28. října 3348/65, Ostrava – Moravská Ostrava
- Required education: Bachelor's
- Required languages: English (Advanced)
- Benefits: Bonuses, Cell phone, Notebook, Contributions to the pension / life insurance, Flexible start/end of working hours, Meal tickets / catering allowance, Holidays 5 weeks, Educational courses, training, Cafeteria, Refreshments on workplace, Occasional work from home, Corporate events, Foreign business trips
- Listed in: IS/IT: Consultations, analyses, and project management, IS/IT: System and HW administration, Security and safety
- Employment form: Full-time work
- Employment contract: employment contract
- Employer type: Employer