Vacant job

On behalf of our client, we are looking for a solution-oriented information security and data protection specialist to work on information security and data protection issues within one of their development programs.

You will be the central person in the program regarding information security and data protection questions and tasks. You will work in several parallel cross-functional projects developing a modern data platform for analysis, research, and AI on health data.

Examples of tasks:

• Describe requirements for protective mechanisms and technical design from an information security and data protection perspective
• Find solutions together with the team to meet internal and external requirements
• Drive the work with information classification and risk analysis within the framework of the program
• Independently write impact assessments (DPIA)
• Propose modularization of risk analyses and measures, so that similar information to be placed in the same or similar infrastructure requires less work, in order to increase the throughput of high-quality risk analyses for AI and data platforms
• Continuously drive improvement work from an information security and data protection perspective. This work should include continuously revising and proposing security-enhancing measures related to existing processes and technical solutions

The work is based on regional guidelines and management systems within information security and data protection, with a clear vision of how to achieve a sustainable information security and data protection culture throughout Region Skåne.

The role of information security and data protection specialist requires competence at the interface between law and technology, with knowledge and experience of information classifications, risk analyses, impact assessments, and security consulting.

Of course, you will work according to Region Skåne's values. As they are keen to find the right person, great importance will be placed on personal suitability.

Mandatory qualifications:

• Experience working with information security and data protection and familiarity with, for example, the ISO 27000 series
• Good knowledge of relevant legislation such as the General Data Protection Regulation (GDPR), the NIS2 Directive, and other national legislation affecting the processing of personal data (e.g., OSL and the Patient Data Act)
• Documented practical experience of risk analysis and risk management from an information and IT security perspective
• Documented program/project experience with information security and data protection work
• Relevant education focused on information security and data protection or documented experience deemed equivalent
• Knowledge and experience of the concepts Security by Design and Privacy by Design

Desirable qualifications:

• Knowledge of cybersecurity within the domains of IT, MT, and/or OT
• Experience leading programs, projects, or process work
• Experience in information security and data protection work in public administration

Personal qualities

To thrive and succeed in the role, it is important that you, in addition to possessing relevant knowledge and experience, have good judgment and the ability to make accurate assessments and priorities when analyzing various problem situations.

Additionally, you need to be solution- and collaboration-oriented and, together with other experts, contribute to finding alternative approaches. Furthermore, you have a good ability to weigh legal dilemmas against the opportunity to be at the forefront of technology regarding AI and data management.