Information Security Officer at SMHI

Do you want to play a key role in protecting and developing information security at one of Sweden's most vital authorities? SMHI is now looking for a committed and strategic Information Security Officer who wants to work with and develop the authority's work in information security.

Information security is about protecting information from unauthorized access, ensuring it is always available when needed, ensuring that only the right people can access it, and preventing risks that may threaten the security of the information.

With an increased focus on information security and security protection due to SMHI's role as a preparedness authority and Sweden's NATO membership, it is crucial that we adapt our measures to meet the threats and challenges that may be directed at our vital operations.

We need to adapt and develop our security measures to protect SMHI's information assets. We focus on identifying potential threats, improving our incident preparedness, and strengthening our information security routines. By continuously following up and adapting our security strategies, we ensure that SMHI meets the national and international security requirements placed on us as a preparedness authority. Through this work, we want to secure SMHI's ability to continue delivering vital services, even in times of heightened security risks.

This position is located at the Coordination Unit in the Management and Operational Support Department. A new unit for Security and Preparedness will be established during the year. The department gathers functions that work with management and support for the entire SMHI operation, with the ambition of providing effective, clear, and organization-wide support.

About the Role

You will have a central role in SMHI's work with information security and you will have a strategic, leading, and governing responsibility with mandate. You will work to ensure that the organization's information is protected through structured approaches to risk management, governance, compliance, and security culture. You will proactively analyze, identify, and implement security measures while contributing to strengthening a security-aware culture within the organization. The role also supports the organization in integrating information security into processes, systems, and projects.

Your main responsibilities include:

• Leading and developing the organization's strategic information security work
• Leading the information security coordinators of the departments
• Establishing and further developing management systems for information security (not certified according to ISO 27001). The management system for quality and environment is ISO certified
• Responsible for risk management and risk analyses related to information and IT
• Developing and managing governing documents, policies, and guidelines
• Being part of monitoring the external environment in the security field
• Ensuring compliance with laws, requirements, and standards
• Acting as an advisor to management and operations
• Part of working with mapping and classification of all information
• Contributing to the development of security culture and training efforts
• Collaborating with external actors, such as authorities, suppliers, and partners
• Participating in audits, reviews, and supervision

About You

Requirements:

• Post-secondary completed education in information security or, for example, computer science, data science, or law, or equivalent experience as assessed by SMHI
• Several years of work experience in information security
• Good knowledge of:
• information security governance and risk management
• the standards ISO/IEC 27001/27002
• information classification and risk analysis methods
• legislation and regulatory requirements, such as: GDPR, NIS2, CER, OSL, Cybersecurity Act, and Security Protection Legislation
• incident management and continuity management
• basic IT and cybersecurity principles
• Very good ability to express yourself in Swedish, both orally and in writing
• Good knowledge of English, both orally and in writing
• Basic IT skills, good knowledge of MS Office

Meritorious:

• Education in information security
• Certifications such as CISM or CISSP, NIST, CRISC, Cybersecurity Framework, and CIS Controls
• Experience from the public sector, security protection work, and/or IT security
• Experience in planning, leading, and driving work from start to finish
• Experience in audit work
• Experience in security work in complex IT environments

We are looking for a strategic and self-driven person with strong analytical skills. You have a high security awareness and integrity, and can balance operational and strategic perspectives. Since the role involves handling confidential information, it is of utmost importance that you have a good understanding of security protection and the ability to work responsibly within these frameworks. You communicate clearly, have good collaboration skills, and can translate complex requirements into concrete actions. Additionally, you have the endurance and drive to see projects through to completion.

Employment type: Permanent employment

Location: The position is based in Norrköping but includes security work for SMHI's operations throughout the country.

Application deadline: March 29, 2026

Read more about SMHI as an employer and about our offerings here (#).

SMHI is a Swedish expert authority with a global perspective and a vital task in forecasting changes in weather, water, and climate. Based on scientific foundations and through knowledge, research, and services, we contribute to increasing the sustainability of society as a whole. Every day, around the clock, year-round.

SMHI is a preparedness authority, and as an employee, you may be placed in a war position at the authority.

The employment may involve placement in a security class. Approved security clearance with background check according to the Security Protection Act (2018:585) is then a prerequisite for employment and may require Swedish citizenship.

Keep in mind that the documents and information you send to SMHI through your application become a public document. This means that all material in the application, including attachments, may need to be disclosed to those who request it if the information is not covered by confidentiality according to the Public Access to Information and Secrecy Act. Be sure to write primarily what you consider relevant in relation to the requirements of the position. Consider your privacy and avoid providing information that contains sensitive personal data, information about your or a relative's health, political opinions, or religious beliefs.