Director of Tech Security

Location Sweden, Stockholm Apply by 2024-06-29

At Strawberry, were on a quest to redefine the hospitality experience through innovation & technology. In 2023 we launched our new mother brand, Strawberry, and we are transforming from a traditional hotel company to become a universe of offers and experiences towards our guests and customers. This will result in many new interesting development areas in the upcoming years and an opportunity to influence the companys future.

We’re on the hunt for a dynamic Director of Tech Security who will be key in ensuring end-to-end information security for the Strawberry company group. You will also be important in our work to increase awareness of security and privacy issues across its business units, hotel chains, applications, technologies and business process areas.

This role will be a part of the leadership group in Technology, and report directly to Senior Vice President Technology.

What you will be doing:

You will work closely on the multiple business owners, understanding the key business drivers behind use, exchange and combination of information, as well as the need to protect the same information from unauthorized access or theft, and to ensure required data quality and compliance with laws and regulations. This balance between business needs, flexibility and restrictions is and will be challenging within a group of several hundred limited liability companies, and with a company culture geared towards autonomy and innovation.

Establish and get management commitment for overall objectives, measures and strategies related to information security, including handling of data privacy, cybersecurity and regulatory compliance.

Ownership of risk and issue management for the information security area, including policies and processes for how such risks and issues should be prevented, detected and mitigated by business units, suppliers, projects and application areas.

Establish and follow up policies, processes and solutions targeted at protecting the company group’s information resources, including policies for identity and access management, protection of API keys, penetration tests, segregation of network segments and other means required to minimize risks of cyberattacks.The enforcement and implementation are managed by the respective organizational units

Establish disaster recovery across applications and business process areas, including how such needs should be incorporated in service level agreements with and follow-up of suppliers providing the group’s business-critical SaaS applications.

Participate in Strawberry Security Fora, along with Group Governance, DPO and other relevant stakeholders

Work closely with involved business units to establish plans and processes to ensure business continuity in various disaster recovery scenarios.

Increase the awareness of security risks and mitigating actions in the company group, by providing availability and rollout of appropriate training programs.

Set the key requirements for monitoring access to vital information sources, and work closely with infrastructure vendors and internal infrastructure specialists in establishing such monitoring.

Set the requirements and standards for GDPR and PCI compliance across the group in close collaboration with DPO and Group Governance

Work closely with group accounting and the lead solution/enterprise architect to set requirements and standards for master data management and handling of audit trails across applications, ensuring data quality required for good financial control.

Set the ‘security by design’ requirements and standards to be followed by projects establishing new (IT) solutions, and establish the review mechanism for validating such requirements and standards at well-defined checkpoints.

We are looking for a person with:

High ability to navigate, facilitate and motivate in a landscape with strong stakeholders and partly autonomous business units, including business units which are franchise takers and therefore cannot be fully controlled by Strawberry.

A commercially driven mindset supporting the group’s business managers in increasing their revenue and profitability, while at the same time balancing information security risks against costs and perceived challenges in mitigating such risks.

Strong storytelling skills, with the ability to communicate with both business people and technical specialists at different levels, in a non-technical language where required, and with focus on the impact for the person and business unit that you communicate with.

A strong passion for information security, with a deep understanding of risks and issues related to handling a modern portfolio of cloud-based SaaS solutions.

A strong passion for how strategic use of information can help Strawberry create and sustain a competitive edge in the hospitality industry, with willingness and ability to act as a trusted advisor for top and middle management on concerns and opportunities related to IT and information security.

The right person will probably have a technical bachelor or master degree, combined with a strong drive towards and interest in business development. Or you may have a degree in law or business administration, with a strong drive towards understanding and applying advanced technologies for fighting cybersecurity.

You have probably several years of experience as a leader, with a demonstrated ability to drive change in a positive way.

We expect that you have formal training as well as practical experience working with:

• Databases, SaaS applications and cloud-based infrastructure.
• Security mechanisms for fighting cybersecurity.
• Risk management principles and processes.

What we can offer you:

• A truly unique opportunity to be a part of a success story. In five years, you will proudly say “we did that”.
• A flat organization with trust and autonomy in your work. We are rebels that support innovation without imposing strict corporate rules.
• Professional development and growth opportunities.
• Plenty of social events including smaller gatherings with your team and huge get-togethers with the whole Strawberry family!
• Great benefits! In addition to our collective agreement, we also offer staff discounts and friends & family rates at our 200+ hotels.

We do not offer a remote position, you will need to be based in our office in Stockholm or Oslo.

If, after reading this job description, you thought, "Wow, they just described me," and felt a sensation in your stomach, then we would love to hear from you. Interviews will be held on a rolling basis, don’t wait to submit your application!

We are Strawberry. With over 225 hotels, 120 restaurants, 20 spas and more, we create thousands of experiences every day. With urban Comfort Hotel®, warm Quality Hotel™, stylish Clarion Hotel® and cosy Clarion Collection® Hotel and more than 40 unique independent hotels, our guests can pick and choose. Our team of 17 000 passionate individuals from more than 120 countries is what makes up our company – diversity is what makes us grow! Strawberry is built on our core values: energy, courage and enthusiasm.