Information Security Specialist at Karolinska University Hospital

Karolinska University Hospital is one of the world's leading university hospitals, and we strive to be the best at what is difficult.

We operate in a complex and dynamic environment where systematic information security work is crucial for us to deliver our mission safely.

We are now looking for someone with experience in leading projects who wants to contribute to taking information security to the next level and make a real difference in healthcare.

You are offered

• To play a central role in further developing and strengthening our systematic information security work
• To work both tactically and operationally to support the operations in managing their information safely
• With us, you will work with information security that truly makes a difference.

Of course, you will also benefit from our general benefits that Karolinska University Hospital offers you.

About the position

We are looking for a driven information security specialist who can lead projects and balance both overarching development work and operational work, while navigating in a world where risk, compliance, and the needs of the organization must interact. You understand that the key to successful systematic information security work.

The role of the information security officer involves independent and goal-oriented work with both strategic and operational elements. The work is conducted in a complex environment where risk management, compliance, and the needs of the organization need to be balanced in a structured and effective manner.

The role includes creating clear processes and conditions that make it easy for the organization to act safely and correctly – it should be easy to do the right thing.

By strengthening information security, the position contributes to a safe and secure handling of the critical information used within Karolinska's operations. It enables efficient, reliable, and secure healthcare delivery for both patients and staff. The work is thus an important part of maintaining trust in the digital solutions of healthcare and creating a safe healthcare experience.

You should be able to lead projects and report directly to the information security coordinator.

The main tasks include, among other things:

• Support the information security coordinator (CISO) and information security coordinators in their tasks, which may involve both strategic, tactical, and operational work.
• Ensure that Karolinska conducts its information security work in accordance with applicable legal regulations.
• Drive initiatives to improve and develop Karolinska's systematic information security work, for example, by further developing processes, methodological support, guidelines, and informational materials.
• Develop and conduct training/workshops and communicate information security messages to various target groups.
• Provide advice and support to the organization and management team within the field of information security, both through support in interpreting legal regulations and applicable standards, as well as in specific operational matters/projects.
• Be an advisor and support in procedural matters during procurements and purchases based on the guidance from Region Stockholm and the supporting and governing documents that exist internally at Karolinska.

We are looking for you who

• Have a solid understanding of information security in practice – someone who sees the big picture but understands the details.
• Have a very good understanding of applicable legal regulations and standards.
• Have a strong drive as you see what needs to be done and proactively lead the work in a changing environment.
• Are meticulous and take great responsibility for high quality in your delivery.
• Can work independently as well as lead teams in projects.
• Can convey complex information clearly and have a good ability to develop and conduct training in information security.
• Adapt the content to different target groups and inspire employees to promote a security-conscious culture.
• Are engaged and take initiative, enjoy having many balls in the air at the same time.
• Have excellent communication skills.

We place great emphasis on personal qualities.

Qualifications

Requirements:

• Academic degree in information security or a relevant field that the employer deems equivalent.
• Ability to communicate legal regulations and guidelines understandably to various stakeholders within an organization.
• Have experience leading projects.
• Certified in relevant information security standards such as NIS/NIS2 and ISO 27001 series and AI regulation.
• At least five years of experience in systematic information security work at a strategic and/or tactical level.
• Good understanding and experience of operational work/support with, for example, information security controls, risk analyses, requirements specification during purchases, and training.
• A deep understanding of information security, and the ability to communicate and collaborate with IT security specialists.
• Good experience with the General Data Protection Regulation (GDPR) and its application and relation to information security.

Meritorious:

• Experience in practical preparatory work with the NIS2 directive in anticipation of the upcoming cybersecurity law, especially work with essential entities or sectors relevant to us.
• Experience in information security work in complex environments with multiple regulations to adhere to.
• Knowledge of or experience in practical work within data protection and IT security.
• Experience in information security work within the public sector and/or healthcare or politically governed organizations.
• Understanding of other relevant legislation within healthcare, such as the Public Access to Information and Secrecy Act, the Patient Data Act, MDR/IVDR, and AI regulation.

About the recruitment process

Selection and interviews may take place continuously during the application period.

In connection with your application, you need to attach a CV. Instead of a personal letter, we ask you to answer selection questions and briefly motivate why you are suitable for the role. Answering the questions is a prerequisite for your application to be considered complete.

Warm welcome with your application - Together we are Karolinska!