Chief Specialist - Information Security Governance, Risk and Compliance - Gdańsk

Location: Gdansk, PL

We are looking for an experienced Information Security specialist to take the lead in managing third-party risks, integrating data privacy considerations, and driving NIS2 directive compliance across our IT & digital landscape.

This key role will ensure that the company adheres to international and local regulations, corporate governance standards and best practices, while maintaining the security of its information assets. The role is positioned within the Information Security GRC Team, part of the CISO organization in the IT department.

 

How you will make an impact

You will be responsible for driving our Third-Party Risk Management agenda in relation to IT systems, applications, platforms, etc. in Arla, and for ensuring compliance with NIS2 directive requirements. You will collaborate closely with Legal, Procurement and across IT departments, enabling secure and privacy-compliant solutions for global Arla.

 

Third-Party Risk Management, Privacy Compliance

  • Lead and evolve the Third-Party Risk Management (TPRM) framework, embedding it across business units and supplier engagements.
  • Lead risk assessments for third-party vendors, with an emphasis on data privacy, security controls, and contractual safeguards.
  • Ensure that vendor risk assessments are embedded from the outset of new projects, partnerships, and digital initiatives—supporting secure-by-design practices from day one.
  • Drive a program for regular security reviews of strategic and high-risk vendors, ensuring evolving threats, compliance gaps, and control deficiencies are continuously managed.
  • Work closely with IT Risk Management to align vendor-related risks with the broader enterprise risk landscape
  • Collaborate with Procurement and Legal teams to integrate security and data privacy criteria into vendor selection processes, enabling risk-informed decisions before onboarding.
  • Collaborate with Legal on GDPR and data privacy compliance to embed privacy design across systems and processes.
  • Collaborate with senior leadership, business units, and external auditors to ensure that security practices are understood and integrated into the broader business strategy.

 

NIS2 Compliance & Governance

  • Ensure internal policies, controls, and monitoring practices meet the directive’s operational resilience, incident reporting, and supply chain requirements.
  • Drive the implementation of NIS2 compliance programs, aligning with business and IT strategies.
  • Identify and assess critical suppliers, partners, and internal systems in scope for NIS2.

  • Define security measures proportionate to risk and regulatory obligations.

  • Monitor adherence to NIS2 requirements, supporting risk-based reporting to executive leadership.

 

What will make you successful

Candidates with background in both Legal AND Cyber Security areas are preferred.

You are focused and persistent about achieving goals and can create great collaboration between Legal, Procurement and global IT teams. You know how to plan your tasks, stick to your plan and follow up where needed. You will be working with a complex stakeholder environment, thus you have great facilitation skills and thrive engaging with people of different cultures and from various backgrounds.

  

Furthermore: 

  • Master’s degree in Information Security, Cybersecurity, IT or a related field,
  • 10+ years of experience in Information Security Governance, working extensively with risk management and legal compliance.
  • Certifications like CISSP and CISM are highly valued in the recruitment process.
  • Strong knowledge of regulatory and compliance frameworks such as NIS2, GDPR, ISO 27001, NIST,
  • Excellent communication skills, with the ability to present complex security topics to senior leadership and non-technical stakeholders,
  • Experience working in a large, global organization with a complex technology landscape,
  • Ability to work in a fast-paced, dynamic environment
  • High level of integrity and accountability
  • Experience in Agile delivery methodology would be a plus,
  • Speak and write English effortlessly.  

 

Please note that this role requires you to be in the office 50% of the time + one additional day (monthly).

 

What do we offer?

Global Shared Services is truly a global setup. As such, you will have the opportunity to collaborate closely with business areas across cultures and borders. You can bring your knowledge and understanding into the mix to break new ground with Customer Service in Global Shared Services.

 


  • International operating environment  
  • Medical care & life insurance  
  • Additional benefits like gym card, vouchers, travel points or cinema tickets, etc. 
  • Scandinavian working style & no dress code 
  • Trainings with experts & professional induction & development programs
  • Financial support of your education  
  • Relocation package 
  • Referral program for employees 
  • Employee Assistance Program (legal, psychological, health, financial consulting, etc. ) 
  • Support for your healthy lifestyle (fruit day, facility for sportsmen, sport challenges and activities, Arla active teams / sport groups) 
  • Flexible working time and home office work possibility depending on business needs
  • Additional holiday depending on length of employment (up to 4 days) 
  • Fully paid 30 min. break  

 

… while in the office you can also use some of the below:

  • Modern office space with beautiful view and high standard furniture (i.e. adjustable desks) 
  • Spacious canteen, delicious coffee and tea available on every floor in specially designed spots
  • Chill-out rooms with X-box, pool table, board games, football table and swing 

 

Read more about Arla Global Shared Services

Global Shared Services consists of multiple functions that are all placed in the Neptun building in Gdansk – with colourful offices and a beautiful sea view.

 

As of now, we have an IT Operations and an IT Solutions division dedicated to SAP as well as a variety of app development and implementation projects. Our procurement and finance functions support a wide array of processes such as purchasing, distribution and sales globally.

We also have a dedicated HR operations division to ensure we attract, develop and retain the very best of talent around the world.

 

Together, we are all dedicated to one collective mission: ensuring an optimal global supply of fresh Arla products – every single day.

 

Shape the Future of Dairy 

Arla is a global leader in the dairy industry, committed to producing high-quality products while championing sustainability and innovation. We're passionate about people and our planet, striving to unleash the full potential in each of us. Our goal is to make healthy dairy nutrition and good food habits accessible to all. Join us at Arla Foods and become part of a worldwide cooperative dedicated to making a significant impact on the planet and steering the dairy industry towards a sustainable future. 

 

We are devoted to creating a workplace where everyone feels valued and empowered to bring their authentic selves to work. Diversity and collaboration are key to our success, propelling us to new heights in the dairy industry. 


Ref.: 100623

