Third Party Info Security Specialist (668771)

About this opportunity
Do you want to shape the direction of Ericsson security and drive operational excellence, continuous development, and improvement of Risk Management, Security Strategy & Frameworks? Do you want to work together in an engaged team of strong security experts?
You will play a key part in Group Security’s Risk team in unit Security Governance, ensuring Third-Party Security Risk Management competence in our team. Our team is setting strategic direction for security across Ericsson worldwide.
Important personality traits are your ability to collaborate, analyze and influence. You will work closely together with teams across Ericsson which means you need to have good people- and coordination skills. Self-motivation and drive will be key, along with the ability to see opportunities for continuous improvement and inspire change.
We are looking for an energetic colleague who will join our team on a mission to protect Ericsson's people, assets, and values
What you will do
The Third-Party Information Security Specialist directly collaborates with the Head of Risk team and has the following responsibilities:
Triage suppliers and engagements based on the potential impact to Ericsson.
Perform security assessment of third parties and their related information systems.
Scope and negotiate terms and conditions with third parties related to information security.
Support in the review of Privacy Data Processing Agreements with third-party sub-processors.
Monitor third parties using OSINT and security ratings software.
Perform remote security audits of third parties.
Perform Security Risk Assessments in M&A and Divestments projects
Offboard suppliers and ensure the removal or destruction of Ericsson data.
Identify risks related to third parties and drive risk treatment.
Work with third parties to improve their security.
Stay up-to-date on information technology trends and security standards.
Participate in GS developing governance models, processes, methods, routines, and tools to ensure efficiency of the security strategy.

You will bring
Academic degree in a related field or relevant work experience within Information Security and/or Third-Party Risk Management (more than 5 years)
Related certification(s), for example: CISSP, CISA, CISM, Security+, CEH, GSEC, SSCP, CASP, GCIH, OSCP, CTPRP, C3PRMP
Experience from M&A and Divestments
Understanding of cloud computing including the shared responsibility model.
Understanding of business impact and risk-based decision-making.
Coordinating and project management skills.
Excellent verbal, written, and interpersonal communication skills in English.
Expertise on ISO/IEC 27001 and NIST, and on ISO31000.

Additional Qualifications taken into consideration:
Knowledge of risk quantification, risk appetite development, IT Security
Business Process Knowledge, Group Management Systems.
Knowledge of Privacy, BCM and other management system standards.
Analytical skills, strong problem-solving skills, proven teammate.
Change and Improvement Management Skills



Why join Ericsson?
At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build never seen before solutions to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.
What happens once you apply?
Come join our #TeamEricsson. Feel free to apply and include a resume in English, outlining how you meet the specific requirements of the position.
The selection and interview process is ongoing. Therefore, send in your application in English as soon as possible. We encourage you to apply!
If you have any further questions, you are welcome to contact us:
Hiring Manager: Head of Risk
Recruiter: Justyna Gnatowska (Justyna.gnatowska@ericsson.com)
Location: Sweden, Stockholm









Kindly note that we do not accept applications sent via e-mail