Chief Specialist - Information Security Governance, Risk and Compliance

We are looking for an experienced Information Security specialist to take the lead in managing
third-party risks, integrating data privacy considerations, and in driving NIS2 directive compliance across our IT & digital landscape.

This key role will ensure that the company adheres to international and local regulations, corporate governance standards and best practices, while maintaining the security of its information assets. The role is positioned within the Information Security GRC Team, part of the CISO organization in IT department.

How you will make an impact

You will be responsible for driving our Third-Party Risk Management agenda in relation to IT systems, applications, platforms, etc. in Arla, and for ensuring compliance with NIS2 directive requirements. You will collaborate closely with Legal, Procurement and across IT departments, enabling secure and privacy-compliant solutions for global Arla.

Third-Party Risk Management, Privacy Compliance

Lead and evolve the Third-Party Risk Management (TPRM) framework, embedding it across business units and supplier engagements.
Lead risk assessments for third-party vendors, with an emphasis on data privacy, security controls, and contractual safeguards.
Ensure that vendor risk assessments are embedded from the outset of new projects, partnerships, and digital initiatives—supporting secure-by-design practices from day one.
Drive a program for regular security reviews of strategic and high-risk vendors, ensuring evolving threats, compliance gaps, and control deficiencies are continuously managed.
Work closely with IT Risk Management to align vendor-related risks with the broader enterprise risk landscape
Collaborate with Procurement and Legal teams to integrate security and data privacy criteria into vendor selection processes, enabling risk-informed decisions before onboarding.
Collaborate with Legal on GDPR and data privacy compliance to embed privacy design across systems and processes.
Collaborate with senior leadership, business units, and external auditors to ensure that security practices are understood and integrated into the broader business strategy.

NIS2 Compliance & Governance

Ensure internal policies, controls, and monitoring practices meet the directive’s operational resilience, incident reporting, and supply chain requirements.
Drive the implementation of NIS2 compliance programs, aligning with business and IT strategies.
Identify and assess critical suppliers, partners, and internal systems in scope for NIS2.
Define security measures proportionate to risk and regulatory obligations.
Monitor adherence to NIS2 requirements, supporting risk-based reporting to executive leadership.

What will make you successful

Candidates with background in both Legal AND Cyber Security areas are preferred.

You are focused and persistent about achieving goals and can create great collaboration between Legal, Procurement and global IT teams. You know how to plan your tasks and stick to your plan and follow-up where needed. You will be working with a complex stakeholder environment, thus you have great facilitation skills and thrive engaging with people of different cultures and from various backgrounds.

Furthermore:

Master’s degree in Information Security, Cybersecurity, IT or a related field,
10+ years of experience in Information Security Governance, working extensively with risk management and legal compliance.
Candidates with background in both Legal AND Cyber Security areas are preferred.
Certifications like CISSP and CISM are highly valued in the recruitment process.
Strong knowledge of regulatory and compliance frameworks such as NIS2, GDPR, ISO 27001, NIST,
Excellent communication skills, with the ability to present complex security topics to senior leadership and non-technical stakeholders,
Experience working in a large, global organization with a complex technology landscape,
Ability to work in a fast-paced, dynamic environment
High level of integrity and accountability
Experience in Agile delivery methodology - would be a plus,
Speak and write English effortlessly.

Please note that this role requires you to be in the office 50% of the time + one additional day (monthly).

What do we offer?

Global Shared Services is truly a global setup. As such, you will have the opportunity to collaborate closely with business areas across cultures and borders. You can bring your knowledge and understanding into the mix to break new ground with Customer Service in Global Shared Services.

What do we offer?

International operating environment
Medical care & life insurance
Additional benefits like gym card, vouchers, travel points or cinema tickets, etc.
Scandinavian working style & no dress code
Trainings with experts & professional induction & development programs
Financial support of your education
Relocation package
Referral program for employees
Employee Assistance Program (legal, psychological, health, financial consulting, etc. )
Support for your healthy lifestyle (fruit day, facility for sportsmen, sport challenges and activities, Arla active teams / sport groups)
Flexible working time and home office work possibility depending on business needs
Additional holiday depending on length of employment (up to 4 days)
Fully paid 30 min. break

… while in the office you can also use some of below:

Modern office space with beautiful view and high standard furniture (i.e. adjustable desks)
Spacious canteen, delicious coffee and tea available on every floor in special designed spots
Chill-out rooms with X-box, pool table, board games, football table and swing