Matilda Tidlund

My accountability/responsibility as the CSO/CISO is strategical, tactical and operational and for all security disciplines, all northvolt´s sites, in all countries and for all subsidiaries.

My first task was to define the organisation and needed job roles and then implement and execute to build it. While recruiting, supporting the rest of the organisation, catch up with the years without anyone thinking of security, handle "fire fighting"-topics, I as well defined the long term target/strategy for security at northvolt.

During my soon four years I’ve build the organisation, created an ISMS with security library and governance and achieved both TISAX label 3 and AEO-S certifications required by our customers, established an inhouse Cyber Defence Centre and standardised the physical security for our sites.

The Security organisation is divided in the following areas:

• Information Security - Enterprise architecture, ISMS, Governance, Risk Management, Compliance and certifications.
• Cyber Defence Centre - in-house security monitoring & operations, incident management, threat intelligence, Offensive- and defensive security testing, Forensic and investigations.
• Security design and engineering - Physical design, installation and commissioning in northvolt´s constructions project, security project management and security design for security controls.
• Physical security - Physical security site management, implementation and maintenance of access control, CCTV, intrusion alarm, security guards and site physical security control centre/SOC.

The organisation has step by step increased and improved, and gone from myself taking on a lot of different roles within all disciplines to having a fantastic team with senior competences onboard. However, always being very few in relation to the rest of the company forced us to adjust, improve and work efficient.

In addition I´ve supported regarding personnel protection to Executive Management, security regarding Onboard- and offboarding such as background control matrix and suppliers. Establishing a process of how to handle 3rd party supplier security, creating Frame agreements for the security suppliers and establishing relationship with the "Swedish environment work agency", local Police at each site, the "Swedish Economic Crime Authority" and the "Swedish Security Service". During the last months I´ve spent part of my time establishing a process for divesting/carving out parts of the company in a secure way.

• Main focus from start was to prepare and structure the company for sale and divestment from Monterro which took place in July 2022.
• Collaborated with other board members to develop and execute programs and initiatives to advance organizational mission.
• Reviewed financial reports, budgets, and audit results to monitor the organization's fiscal health.

My responsibility as CSO and Head of Group Security included strategic, tactic and operational responsibility for Telia Company´s security in 6 countries and for the Group functions.

First job was to define the organisation and then implement and made sure execution was made.

In the organisation we hae the following teams:

• Governance & Architecture-team was responsible for policys, instructions, guidelines and standards as well as our Security Governance, which includes a ISO27001-certificate. To set and review the security architecture and guide&support regarding security questions related to Swedish large enterprise Bid´s are other responsibilities.
• The" ICT-security"-team was responsible for security regarding It, Networks and Workstations. There´s also "Purple"-team work done (combination of red/blue team)for IT, Networks, Cloud and Workstations and make sure all activities, projects, products to use the "Security by design"-process.
• The "Physical & Personal Security"-team was responsible for shops, offices, tech sites, fire, work environment, event- and travel security as well as crisis management. They also took care of security investigations.
• The "National Security Sweden"-team with focus on Swedish national security matters as "Säkerhetsskydd" (Security protective act), "Säkerhetsskyddschef", Lawful authority services.
• The "GSOC (Global Security Operation Center)"-team that worked both proactive and reactive and monitor, detect and mitigate as well as handle security incidents, including CERT and security intelligence.
• The "Total Defence"-team - single point of contact concerning everything related to "Totalförsvarsfrågor" (Total defence, geopolitical topics) for Sweden.

Within in my responsibility as CSO for Telia Sverige AB and Head of Security & Privacy included a responsibility for the following brands and organistaions Telia Sverige AB, Cygate, IBS, Halebop, Skanova etc.

My main focus was to review what was made regarding security within the organisation, collect individuals, restructure and suggest a new organisation.

Some of the main focus areas were:
• Information and ICT security, including national security, Total defense and Lawful Authority services
• Physical & Personal security
• Privacy & Data Governance
• Business Continuity & Production readiness

Between 1/12-16 and 1/5-17 I as well had my previous role as "VP and Head of Fixed Telephony & Datacom".