
Åhléns AB · Stockholm
Om din roll Som Information Security, Compliance & Risk Specialist arbetar du strukturerat och verksamhetsnära med att omsätta krav inom informationssäkerhet, r...
Om din roll
Som Information Security, Compliance & Risk Specialist arbetar du strukturerat och verksamhetsnära med att omsätta krav inom informationssäkerhet, regelefterlevnad och riskhantering till praktiskt värde. Du bidrar till att säkerställa efterlevnad av regelverk och är en viktig del i arbetet med att identifiera, förebygga och följa upp risker i en komplex omnichannel-verksamhet.
Du samarbetar tätt med funktioner inom verksamheten och externa aktörer och verkar i gränslandet mellan teknik, regelverk och affär i frågor som rör dataskydd, compliance och risk. Rollen kombinerar operativt arbete med analys, uppföljning och utveckling av arbetssätt inom säkerhet och compliance.
Stödja och vidareutveckla Åhléns arbete inom informationssäkerhet, compliance och risk
Säkerställa efterlevnad av lagar, regelverk och interna policys som berör GDPR och PCI DSS
Genomföra och följa upp riskbedömningar kopplade till informationssäkerhet, betalflöden, system och leverantörer
Delta i arbete kring bedrägeririsker (fraud), incidenthantering och uppföljning av förbättringsåtgärder
Analys och följa upp säkerhetsincidenter, avvikelser och identifierade förbättringsåtgärder
Bidra till framtagning och uppdatering av styrande dokument, riktlinjer och utbildningsmaterial
Delta i bedömning av säkerhets-, risk- och compliancekrav vid upphandling, onboarding och uppföljning av externa leverantörer.
Omvärldsbevaka relevanta förändringar inom regelverk och praxis avseende informationssäkerhet, dataskydd och betalningar, samt bidra med analyser och rekommendationer kring nödvändiga åtgärder.
Åhléns är ett välkänt retailbolag med över 120 års historia och en tydlig ambition att fortsätta utvecklas genom digitalisering, innovation och hållbara arbetssätt. Hos oss får du arbeta i en affärsnära roll där säkerhet, risk och compliance är en självklar del av vår tillväxtresa.
Du blir en del av ett engagerat team och får möjlighet att påverka, samarbeta tvärfunktionellt och utveckla arbetssätt i en organisation med högt tempo och stort kundfokus.
Några års erfarenhet av arbete inom informationssäkerhet, IT-risk eller compliance
God kunskap om GDPR och dataskydd
Erfarenhet av eller god förståelse för PCI DSS och betalrelaterade säkerhetskrav
Erfarenhet av riskanalyser och uppföljning av säkerhets- och complianceåtgärder
Meriterande: erfarenhet från retail, e-handel eller betalningsintensiv verksamhet samt kännedom om standarder som ISO/IEC 27001.
För att lyckas i rollen krävs att du är strukturerad, analytisk och lösningsorienterad, med god kommunikativ förmåga och ett affärsmedvetet förhållningssätt. Du trivs med att arbeta självständigt och tvärfunktionellt i en föränderlig miljö.
Om rekryteringen
Tjänsten är en tillsvidareanställning på heltid. Du är placerad på vårt huvudkontor på Dalagatan 100 och vi ser gärna att du kan börja hos oss så snart som möjligt.
Urval och intervjuer kan komma att ske löpande och tjänsten kan tillsättas innan sista ansökningsdag, så skicka in din ansökan redan idag!
Som Information Security, Compliance & Risk Specialist på Åhléns blir du en del av ett passionerat team som drivs av affärsmannaskap och entreprenörskap. Vi ger dig förtroende och möjligheten att växa i en utvecklande miljö. Med det hälsar vi dig varmt välkommen till Åhléns!
Want to shape the entire information security landscape behind one of the Nordics’ most well-known e-commerce marketplaces? At CDON Group, security is a strategic foundation for our growth, data-driven operations, and future innovation. We’re now strengthening our security capabilities and are looking for an Information Security Specialist who wants to take ownership, drive development, and ensure that security is embedded across our products, platforms, and teams. About us Join us at CDON Group, a Swedish listed company with a long history and extensive experience in the e-commerce market. Our mission is to unleash the power of the marketplace to give the best shopping experience in the Nordics. We are dedicated to providing great online shopping experiences and are on the lookout for an Information Security Specialist to join us on this journey for our two Nordic marketplaces: CDON and Fyndiq. About the role This role combines hands-on security work with broader ownership of how we structure, govern, and communicate information security across the company. You will sit within IT but collaborate closely with Legal, Finance etc, as many topics touch on compliance, GDPR, NIS2, the AI Act, and regulatory inquiries. At the same time, we are navigating a unique balance. We are pragmatic, entrepreneurial, and fast-moving, yet also a publicly listed company with expectations on governance, compliance, and structure. This creates an environment where you will help build processes that do not fully exist today, while still working close to the business and making real impact quickly. Some areas of focus include: Helping build security processes and routines, both maintenance and from the ground up Supporting the entire organization with practical, understandable security guidance Working with both technical and non-technical stakeholders Helping raise security maturity while keeping the business moving forward Responsibilities include You will have both structured responsibilities and day-to-day practical tasks. Key areas include: Developing and maintaining information security policies, governance, and documentation Driving risk management activities across systems, suppliers, processes, and new initiatives Ensuring alignment with frameworks such as ISO 27001, NIS2, and GDPR Collaborating closely with Legal on data protection, AI governance, and regulatory communication Supporting IT, infrastructure, and engineering teams with operational security tasks You will also work hands-on with: • Google SecOps and our existing tooling • Vulnerability management • Access and identity management • Coordinating external penetration tests and understanding results • Leading internal training, awareness efforts, and phishing exercises Part of the role also involves presenting findings and explaining why security requirements exist — not just what they are — in ways that engage and motivate colleagues across the business. Qualifications and requirements We are looking for someone who can understand, interpret, and communicate both technical and regulatory requirements. Relevant experience and traits include: A couple of years in information security, IT security, or data protection Relevant degree for the role Understanding of GDPR, NIS2, and IT risk work Strong communication and presentation skills The ability to learn and work with security tools such as Google SecOps Full professional proficiency in Swedish and English Pragmatic mindset and the ability to balance speed with governance Ability to work regularly from Stockholm to collaborate effectively with Legal and support incident handling Some tasks require hands-on IT security understanding, but you do not need to be a programmer. Support is available from backend teams for highly technical areas. What we offer An opportunity to be part of a unique growth journey, actively contributing to the success of the leading e-commerce marketplaces in the Nordics. A collaborative and dynamic work environment, with passionate colleagues who believe in CDON Group’s mission Competitive compensation package, including benefits such as pension and insurance through Max Matthiessen and MyBenefit portal. Career growth opportunities within a rapidly evolving company. Application Process: Please attach your resume and a brief cover letter outlining your interest and suitability for the job. We will be conducting interviews with candidates on an ongoing basis. To ensure a professional and unbiased assessment, we will ask candidates to perform a combination of logical reasoning and personality tests as part of the process.
About the Role We are looking for a Security & Compliance Engineer to help ensure security across our internal digital landscape. Reporting to Tacton’s Security & Compliance Manager, you will play a key role in ensuring that our systems, integrations, data flows, and vendor ecosystem are secure by design and in operation. This role focuses on internal systems and corporate security architecture, including infrastructure, integrations, and third-party services. You will combine architectural thinking with hands-on expertise and act as a trusted partner to IT, Engineering, and business stakeholders. You will have a direct impact on how we design, connect, and secure our systems as we continue to grow globally. This is a high-impact role for someone who understands modern digital environments and how to secure them end-to-end. What You Will Do Internal Security & Risk Lead security assessments of systems, integrations, and data flows Conduct technical risk analyses for system implementations and vendor onboarding Perform threat modelling and security reviews Define and implement security requirements for infrastructure and cloud environments Help establish and maintain security guardrails across identity, access, encryption, and integrations Proficiency in risk management Knowledge of emerging cybersecurity threats and trends Vendor & Third-Party Security Define and enforce security requirements in procurement processes Conduct supplier security assessments and due diligence Evaluate third-party risks from a cybersecurity perspective Governance & Compliance Maintain alignment with ISO 27001 and SOC 2 Type II Contribute to policies, standards, and security guidelines Support incident investigations Act as a subject matter expert in audits and internal forums What Will Help You Thrive 5+ years of experience in cybersecurity, information security, or a related field Strong technical foundation in cloud, networking, identity & access management, and system integrations Strong communication and stakeholder management skills Experience conducting technical risk assessments and security reviews Familiarity with ISO 27001 and SOC 2 Type II Ability to understand complex system landscapes and data flows Comfortable working cross-functionally with IT, Engineering, and Legal Certifications such as CISSP, CISM, or CISA are a plus Degree in Computer Science, Engineering, or a related field Who We’re Looking For We’re looking for someone with a strong hands-on, doer mentality who is focused on getting things done and creating real impact. You are pragmatic, prestigeless, and motivated by outcomes. You thrive in dynamic environments where responsibilities are broad, and you feel comfortable navigating uncertainty and solving problems independently. You are curious by nature, proactive in your approach, and continuously looking to learn and improve both yourself and the way things are done. Why Tacton? At Tacton, we’ve been building CPQ software for over 20 years. We’re a stable company with global customers and a product that’s central to how manufacturers sell We offer competitive benefits, flexibility in how we work, and a culture that values learning and collaboration A solid and stable company with over 20 years of industry experience. Flexible hybrid setup - 3x a week at the office 33 days of paid time off – 30 vacation days plus 3 extra to make sure you get the rest you deserve. Premium occupational pension – Our pension plan goes beyond ITP1, with higher employer contributions depending on your age and salary level. Generous wellness allowance – 5,000 SEK annually to support your health and wellbeing. Private healthcare insurance – Skip the waiting lines and get quick access to private medical care, including specialist consultations and treatments. Parental leave top-up – We top up your parental leave so you receive up to 90% of your base salary for up to 6 months, helping you focus on your family without financial stress Weekly treats – Fika one week, breakfast the next, because good food brings people together. This role is based in Stockholm, where we have invested in creating our unique home right next to Hötorget station. Tacton is a leading Software as a Service company trusted by global manufacturers. We got started in the late 1990s when six computer scientists figured out a revolutionary way to help Manufacturers overcome their most business-critical, product configuration challenges. Since those early days, we have grown to support global manufacturers seeking to thrive in a changing world. We invite you to find out more about us @ www.tacton.com/about
Build the Future of Technology with Professional Galaxy AB Join a network of talented engineers, developers, cloud specialists, and AI innovators working on impactful projects across Sweden and Europe. At Professional Galaxy AB, we connect top tech talent with organizations driving digital transformation in areas like cloud computing, software engineering, data, cybersecurity, and artificial intelligence. Explore exciting opportunities and grow your career while working with cutting-edge technologies and forward-thinking teams. We are looking for a Cyber Security Advisor Responsibilities: Act as a trusted advisor to management and key stakeholders, ensuring cybersecurity considerations are integrated into decision-making Ensure cybersecurity best practices align with business objectives and delivery goals without hindering operational efficiency Provide cybersecurity expertise during projects and engagements to mitigate risks and enhance security controls Work with cross-functional teams to enhance the organization’s overall cybersecurity resilience Identify, assess, and provide guidance on mitigating cybersecurity risks across business functions Support compliance with relevant cybersecurity laws, regulations, and industry standards Contribute to the development and implementation of security strategies, policies, and frameworks Promote cybersecurity awareness and best practices among employees and stakeholders Qualifications: Typically 10+ years of experience in cybersecurity, information security, IT governance, risk management, or compliance Bachelor’s degree in Computer Science or related field (or equivalent experience) Proven leadership in security governance frameworks, policies, and strategies Experience aligning security and data privacy with business objectives at a strategic level Hands-on experience with enterprise risk management and compliance frameworks (e.g., GDPR, ISO 27001, NIST, PCI DSS) Strong expertise in third-party/vendor risk management Experience in security incident response and crisis management Ability to influence senior leadership and board-level stakeholders Additional qualifications (optional): Strong communication skills and stakeholder management Business understanding with security impact awareness Ability to analyze and mitigate security risks Certifications such as CISSP, CIPM, CISA, ISO/IEC 27001 Lead Auditor Specializations such as AI Governance, Cloud Security, or CIPP/E Uppdragsinformation: Uppdragslängd: 2026-05-04 – 2026-09-30 Placeringsort: Stockholm Svar önskas snarast, dock senast 2026-05-03. How to Apply: Please apply via the Professional Galaxy AB portal with: Your updated CV Your availability to start A motivation statement describing your suitability Please note: Applications via email will not be accepted. All applications must be submitted through the portal. Öppen för alla Vi fokuserar på din kompetens, inte dina övriga förutsättningar. Vi är öppna för att anpassa rollen eller arbetsplatsen efter dina behov.