IT Risk & Compliance Manager

About SAS and our purpose

Since 1946, we have kept Scandinavia connected to the world and the world to Scandinavia. We have been frontrunners in the air – but the future we head into is ever-changing. We need to be one step ahead. That is why we now make the largest move within Digital and IT in the history of SAS. We will employ 100 new people working with data engineering, data science, UX design, front- and back end development and more, to a new inhouse department – leading the way for aviation into the future. Our ambitions transcend those of our industry – and this team will be the center of our most accelerated technological transformation so far.

As part of our inhouse department, you will be a guiding star to implement a true digital-first approach throughout SAS. We are dedicated to becoming the airline with absolute integration between business, people, and technology, creating a seamless travel experience for our customers. Given the freedom to bring in your own ideas, you will be provided opportunities to impact the future of SAS, aviation, and a more sustainable air travel. Together, we will continue to transform aviation for generations to come.

We are SAS, and we move Scandinavia. We fly because the world is moving, and it needs our help to stay in motion. Will you get on board and join our journey?

Challenges you will work on:

We believe in security by design and privacy by design and enabling our teams to proactively work with risk management and cybersecurity. The IT Risk and Compliance Manager will work on the areas of Governance, Risk & Compliance to ensure cyber security and data protection across SAS operations. In this role, you will be responsible for IT risk management including vendor risk management, data privacy policies and standards, governing risk management and data privacy processes, and ensuring compliance to these. You are directly reporting to the Head of IT Ops and SecOps, and you are a vital part of the SAS Cybersecurity Skill Hub.

As IT Risk and Compliance Manager, your main responsibilities are to:

• Work together with the different teams within Digital and IT to enable the teams to work more hands-on with risk management and cybersecurity

• Develop and enhance cyber and data security policies, control objectives, controls, risk management processes and standards aligned with information security regulations, best practices, and frameworks

• Oversee and drive the cyber risk management processes, incl. cybersecurity controls follow-up and vendor risk management across SAS

• Align key stakeholders on cybersecurity policies, data privacy, guide and enable cybersecurity and data privacy practices across the organization

• Assist with internal and 3rd party audits and address associated findings, such as EASA, IOSA and PCI-DSS

• Own, develop and be system administrator of our IT risk and privacy management system OneTrust

To be successful, we believe you should have:

• A Degree in Information Security, Privacy Management, Information Systems or Computer Science is preferred or commensurate relevant work experience

• Minimum of 5 years’ experience with focus on regulatory compliance and involvement in either data privacy management or cybersecurity management

• In-depth knowledge and understanding of global privacy legislation (e.g., GDPR)

• Knowledge and experience of cyber security standards. Specific knowledge of NIST Cyber Security Framework seen as an advantage

• Experience in translating privacy and/or security regulations into workable and implementable policies and processes

• Experience in implementing enterprise IT risk and privacy management systems, experinece from OneTrust seen as an advantage

• Fluent in English, Swedish or other Nordic languages considered as an advantage

• Experience from aviation, e-commerce and/or from large enterprises seen as an advantage

• Experience from working in a developer intense organization close to development teams seen as an advantage

Personal qualifications

• Professional with a positive attitude and capable of contributing to a dynamic and team-oriented culture

• Strong analytical and interpersonal communication skills, including the ability to communicate effectively and build consensus with teams across organizational lines

This is why we love SAS

• Purposeful: Be part of a historical transformation on a continuous journey to create a new and seamless way to travel, with opportunities to solve challenges that no one has cracked before

• Adventurous: We grow by making the world smaller. Discounted airline tickets providing you, your family and friends to travel the world at great prices.

• Personal: Opportunity to work on many challenges and initiatives

• Innovative: Building in-house development of products allows for freedom to bring in own ideas

• Ownership: Opportunity of bringing initiatives from ideas into end-point delivery