At Fiskars Group we are unified and driven by our common purpose: pioneering design to make the everyday extraordinary. Join our team and seize the extraordinary opportunity to influence the everyday!
We are looking for an experienced security professional to join our Cyber Security & Data Privacy team as a Cyber Security Architect. The position reports to the Senior Cyber Risk Manager and is part of the Chief Information Security Officer (CISO) team within the Digital & IT organization.
The Cyber Security Architect is responsible for designing, evaluating, implementing, and managing security architectures to support business objectives while maintaining risks and enabling secure enterprise systems and processes within our Digital & IT landscape. The role focuses on aligning security strategies with Fiskars goals, strategy, and Digital and IT plans, addressing both technical and business requirements. The Cyber Security Architect ensures the security posture evolves with emerging risks and opportunities.
The Cyber Security Architect needs to review and understand our current overall security posture, security measures, and weaknesses, and to design a target-state and roadmap together with Enterprise Architecture and different IT teams. The objective is a holistic technical security architecture to ensure Fiskars Group business continuity considering people, processes, and technology related to securing data, identities, cloud platforms, application/software development, on-premises infrastructure, networks, and endpoint devices. The Cyber Security Architect will also participate in development programs and projects including sourcing and procurement of services.
Your main responsibilities:
* Business-Driven Security Architecture
o Define and maintain Security Principles aligned with Enterprise Architecture of Fiskars Group.
o Collaborate with stakeholders to identify and document security requirements aligned with business needs.
o Develop a comprehensive security architecture roadmap that addresses business goals, risk priorities, and technical environments.
o Ensure security designs support critical business initiatives and are traceable to business outcomes.
* Security Architecture Development
o Design security architectures across all lifecycle phases, from strategy and planning to implementation and ongoing management.
o Develop architectures that address key security perspectives (e.g., assets, risk, processes, people, locations, and time).
* Risk and Threat Management
o Identify, analyze, and prioritize risks and opportunities affecting enterprise security.
o Design appropriate controls and mitigation strategies to address emerging threats and vulnerabilities while enabling business agility.
* Policy and Standards Alignment
o Develop and enforce security policies, standards, and guidelines aligned with Fiskars, regulatory, and industry requirements (e.g. NIST CSF 2.0, or relevant frameworks).
o Support integration of security into enterprise and solution architectures.
* Solution Design and Implementation
o Provide end-to-end security design for enterprise solutions, ensuring secure integration into IT and operational ecosystems.
o Collaborate with IT, development, and operations teams to embed security into system designs and software development lifecycles (SDLC).
* Governance and Performance Management
o Develop and maintain a security governance framework to ensure accountability and continuous improvement.
o Define and monitor security metrics and key performance indicators (KPIs) to measure effectiveness and alignment with business goals.
* Ongoing Security Lifecycle Management
o Manage the full lifecycle of security services and controls, ensuring continuous monitoring, improvement, and adaptation to changing business and risk environments.
o Support security incident response, recovery, and lessons-learned activities.
* Collaboration and Leadership
o Act as a trusted advisor to business and IT leadership on security architecture topics.
o Lead and mentor cross-functional teams to promote secure design principles and best practices.
o Maintain and enforce a balanced IT / technical security level as documented in the Information Security Management System (ISMS).
o Maintain IT security control framework together with other roles in Cyber Security & Data Privacy team.
o Interface with the Fiskars Group outsourcing partners and support them in delivering secure services to Fiskars Group as agreed in the contracts.
Experience & knowledge:
* Education:
o Bachelor Degree in Computer Science (or similar).
* Experience:
o 8+ years’ experience in the cybersecurity architecture or related domain within a challenging global environment.
o Strong working knowledge of IT and cyber security technologies and risks.
o Broad experience within IT, understanding how IT and business processes are linked, and deep knowledge from project or process management.
o Strong mixture of experience in areas of security including cloud technologies, software development, compute, network, endpoints, identity and access management.
o Experience with Azure or other cloud platforms and their security tools.
o Good knowledge of tools, technologies, and trends in the market; staying up to date on industry best practices, trends, and technologies.
o Good knowledge of security frameworks, governance, and compliance requirements (e.g., EU/GDPR, ISO 27001, NIST CSF, CIS, ITIL).
* Skills:
o Strong understanding of security architecture principles, enterprise systems, and security controls.
o Proficiency in risk management, governance, threat modeling, vulnerability management, and security assessment methodologies.
o Excellent analytical, problem-solving, and communication skills.
o Ability to translate complex security concepts into actionable business terms.
* Certifications:
o Relevant certifications like CISSP, CCSP or SBASA(SCF), ToGAF 10.
* Fluent written and spoken English – English is the working language.
Experience of managing other security, data, or risk regulatory frameworks with a strong security focus (e.g. PCI DSS) would be a plus but not required.
To succeed in the role, you benefit from the ability to build collaborative relationships with different stakeholders. You are confident advising our lines of business. You understand the bigger picture, how things are connected, and can bring value to different units and accelerate change.
This position offers you a great opportunity to use your skills and further develop yourself as a cyber security professional. We have a team of professionals with strong ambition to improve security posture and maturity.
Last day of application: 2025-02-03
#J-18808-Ljbffr