About Connecting Stockholm
As managers of Stockholm's metro system, we operate a socially critical service where safety, accessibility, and punctuality are at the center. We combine experience and innovation to create a metro system that is secure today and sustainable for the future.
But our mission is about more than just traffic – it's about people, responsibility, and trust.
Our culture is just as important as our mission. We believe in the power of collaboration, in relationships built on trust, and in leadership characterized by professionalism, heart, and commitment.
We are driven by development – both of our operations and our employees. Here, you will have the opportunity to grow, influence, and help shape the future of public transportation – together with us.
About the Role
We are seeking an experienced Information Security Chief (CISO) to lead and develop our information and IT security work. In this role, you will be responsible for implementing, maintaining, and continuously improving our Information Security Management System (ISMS). You will also ensure compliance with ISO 27001 requirements, industry-specific standards, and relevant laws and regulations, including GDPR and NIS2. You will report to the Director of Security.
Key Responsibilities:
• Develop and drive the organization's information and IT security strategy
• Manage and improve the Information Security Management System (ISMS)
• Ensure compliance with relevant standards, laws, and regulations (e.g., ISO 27001, GDPR, NIS2)
• Lead risk management efforts and maintain the risk register, as well as continuity and incident management
• Take responsibility for internal and external audits, reporting, and contacts with supervisory authorities
• Strengthen the security culture through training, communication, and awareness across the organization
• Provide support on security issues for projects and business development
Qualifications:
• Several years of experience working in information security within public transportation, public sector, or other critical infrastructure sectors
• Holds at least one of the following certifications: CISSP, CISA, or CISM
• Good understanding of Swedish legislation on data protection and information security
• Experience with risk management
• Proactive, structured, and solution-oriented
• Ability to communicate effectively with both technical and non-technical stakeholders
• Excellent Swedish and English language skills, both verbal and written
Preferred Qualifications:
• Technical background
• Academic degree in a relevant field
Additional Information:
Start Date: As soon as possible, by agreement
Location: Central Stockholm, with some possibility for remote work
Scope: Full-time
The position is covered by a collective agreement and offers several benefits, such as an SL card, wellness allowance, lunch benefit, and discounted insurance.
About the Application Process:
We apply competency-based recruitment and strive for a fair and inclusive process. As part of the selection, we may use selection questions and tests to ensure an objective assessment of competence and potential. Reference checks and possible background checks may be conducted before a hiring decision is made.
The position will be subject to security screening according to the Security Protection Act (2018:585).