Job Description
Location: Stockholm / Nordics - hybrid
Team: Group Infrastructure & IT Security
Reports to: Head of Infrastructure & IT Security (Group CTO)
About Newsec
Newsec is the largest commercial property services company in Northern Europe, operating across the Nordics and Baltics. Our Group IT function keeps the digital backbone of our business secure, reliable, and ready for what's next. As we mature our security operations and identity landscape, we're looking for a hands-on specialist who can bring structure, automation, and governance to two of the most critical areas in modern IT.
The Role
This is a dual-focused role at the intersection of operational security and identity governance. You will be responsible for making sure that the security controls protecting our infrastructure actually work in practice and that the people inside Newsec have the right access, at the right time, for the right reasons.
You will work closely with our vendors, internal IT managers across the Group, HR, CISO and the wider security and infrastructure teams. The role is both strategic and operational: you will help establish working methods and support day-to-day execution.
You will also play an important role in interpreting internal steering documents, policies, and governance principles within IT security, and turning them into clear operational requirements for vendors, IT managers, and internal teams. This includes helping the organization understand what the governing direction means in practice, how it should influence priorities and decisions, and how it should be reflected in day-to-day security operations and delivery.
Operational Security (Service Delivery Management)
Govern and continuously develop our Microsoft Purview environment — data classification, DLP, information protection and compliance controls.
Coordinate vulnerability management activities: scanning cycles, prioritization, remediation tracking with vendors and IT managers.
Drive our CSAT (Cybersecurity Assessment) program and translate findings into actionable improvements.
Plan and coordinate penetration testing activities with external partners and internal stakeholders.
Ensure security operations are correctly executed across our IT infrastructure areas — endpoint, network, cloud, and on-prem.
Act as the bridge between our security strategy and the vendors and internal IT teams who deliver day-to-day operations.
Collaborate closely with our SOC partner to monitor, investigate, and escalate security events, and continuously improve detection and response capabilities.
Support and coordinate incident response activities, ensuring effective handling, communication, and follow-up of security incidents across internal teams and external partners.
Support the development of cybersecurity awareness and training initiatives for employees together with the CISO.
Identity Governance & Administration (IGA)
Take ownership of our Entra ID governance and identity lifecycle.
Coordinate initiatives to establish robust Joiner-Mover-Leaver (JML) processes, with HR systems as the authoritative source.
Drive automation of access provisioning, role assignments and de-provisioning across Newsec's application landscape.
Help define and operationalize access reviews, entitlement management and least-privilege principles.
Partner with HR, business units, and application owners to make identity work for people, not against them.
Who we're looking for
We know the combination above is broad. You won't be a perfect match on day one — nobody is. What we care about is:
Solid experience in a senior specialist role within service delivery, security operations, or a similar function in an enterprise IT environment.
Hands-on familiarity with the Microsoft security stack — Purview, Defender and Entra ID in particular.
Experience coordinating with external vendors for security services (vulnerability scanning, pentests, MDR/SOC, etc.).
Understanding of identity lifecycle management and how HR-driven JML processes should work in practice.
A pragmatic, governance-minded approach: you like structure, but you ship.
Strong communication skills in English, Swedish or another Nordic language is a plus.
Bonus points for
Direct experience with IGA tooling and Entra ID Governance (Access Reviews, Entitlement Management, Lifecycle Workflows).
Background in vulnerability management programs or CSAT-style assessments.
Experience integrating HRM systems (e.g., SAP SuccessFactors, Workday, or similar) with identity platforms.
Relevant certifications (SC-100, SC-300, CISSP, ITIL).
Why this role is interesting
You’ll have a strong opportunity to influence how Newsec works with security and identity at Group level. The two areas are intentionally combined because we believe good security starts with knowing who has access to what, and we want one person supporting that work end-to-end through expertise, structure, and coordination.
What we offer
A senior position with broad scope and direct executive visibility.
A collaborative Group IT environment across the Nordics.
Flexible hybrid working.
Competitive compensation and benefits.
The chance to build, not just maintain.