Job title:
Senior Cyber Risk & GRC Analyst
Company
Omega 365
Job description
Omega 365 Consulting is a leading supplier of highly skilled project personnel in the oil and gas, renewable energy, and infrastructure sectors. We offer a wide range of consultant assignments, featuring many of the most exciting projects in Norway and internationally.
Details
Duration: 04.08.2025-31.12.2027
Location: Oslo, Trondheim or Stavanger
Assignment Description
- We are seeking a highly skilled and motivated Senior Cyber Risk & GRC Analyst to join our IT project team.
- This hybrid role is pivotal in strengthening our organization’s cyber resilience by assessing and mitigating risks, ensuring compliance with regulatory requirements, and supporting our overall cybersecurity strategy.
- The successful candidate will play a key leadership role in the development, implementation, and continuous improvement of our risk and compliance frameworks, policies, and processes.
- The position will be part of a major project in which digital deliveries covering the field of IT are a key part of the delivery.
- Full time position as consultant in a project organization
- Starting asap
- Estimated end date H2-2027
- Primary work location is Stavanger, but can also be Oslo / Fornebu with rotation to Stavanger on a scheduled basis.
Cyber Risk Analysis
- Lead the identification, assessment, and management of cybersecurity risks across systems, applications, and business processes.
- Perform threat modeling and vulnerability risk assessments as needed to support secure system design and implementation.
- Through the established base and project organization, take part in the monitoring workforce that identifies internal and external threat landscapes and provides actionable intelligence to stakeholders.
- In the cyber context, develop and maintain risk registers and present findings to senior leadership and other relevant stakeholders.
- Collaborate with IT and business units to define risk treatment plans and track mitigation efforts.
Governance, Risk & Compliance (GRC)
- Maintain and enhance the Information Security Management System (ISMS) and ensure alignment with ISO 27001, NIST CSF, and other relevant frameworks.
- Conduct regular compliance reviews, gap analyses, and audits to ensure adherence to internal policies and external regulations (e.g., GDPR, PCI DSS, HIPAA).
- Support the development and maintenance of security policies, standards, procedures, and guidelines.
- Prepare and present reports for internal and external audits, certifications, and regulatory reviews.
- Lead risk and control assessments, including third-party risk reviews and vendor due diligence.
Leadership & Collaboration
- Act as a subject matter expert on cyber risk and GRC best practices.
- Mentor junior analysts and provide guidance to technical and non-technical stakeholders.
- Work cross-functionally with legal, IT, audit, and business units to embed security into organizational culture and processes.
Primary tasks
Conduct risk assessments to identify vulnerabilities and threats to the organization’s information systems, temporary project offices, data transport methods, and more.
Develop and implement strategies to mitigate identified risks and reduce the organization’s exposure to cyber threats.
Ensure compliance with relevant regulations, standards, and best practices (e.g., GDPR, ISO 27001, NIST).
Develop, implement, and maintain cybersecurity and GRC policies, procedures, and frameworks.
Lead and coordinate incident response efforts, including investigation, containment, eradication, and recovery.
Monitor and analyze emerging cyber threats and vulnerabilities, providing timely updates and recommendations.
Coordinate internal and external audits, manage audit findings, and oversee remediation efforts.
- Security Awareness Training:
Design and deliver security awareness training programs for employees to promote a culture of security.
- Physical site inspection:
When required, travel to the project site to carry out physical inspections with relevant teams such as IT, OT and Security. Follow up on any previous findings, and evaluate whether new threats need to be raised as risks and mitigated.
Prepare detailed reports on risk assessments, compliance status, and incident response activities.
- Documentation Management:
Maintain accurate and up-to-date documentation of project related GRC processes, procedures, and incident response plans.
- Stakeholder Communication:
Communicate effectively with stakeholders at all levels, providing clear and actionable insights on cybersecurity and compliance matters.
- Vulnerability Management:
Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
Stay informed about changes in regulatory requirements and industry standards, ensuring the organization remains compliant.
- Third-Party Risk Management:
Assess and manage the cybersecurity risks associated with third-party vendors and partners.
Continuously evaluate and improve the organization’s cybersecurity and GRC practices to enhance overall security posture.
Qualifications
- Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
- Minimum of 10+ years of experience in cyber risk management, IT security, or GRC roles.
- In-depth knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS, etc.).
- Strong understanding of regulatory compliance requirements and risk assessment methodologies.
- Proven experience in policy writing, audit support, and risk remediation planning.
- Professional certifications such as CISSP, CISM, CRISC, CISA, or similar strongly preferred.
- Excellent analytical, problem-solving, and communication skills.
- Ability to manage multiple priorities in a fast-paced environment with minimal supervision.
- Experience with GRC tools (e.g., Archer, ServiceNow GRC, RiskLens).
- Familiarity with cloud environments (AWS, Azure, GCP) and related security challenges.
- Demonstrated ability to communicate complex technical issues to non-technical audiences.
- Passion for continuous improvement and proactive risk management.
- Be self-motivated with a willingness to learn from others and work with minimum direction.
- Actively seeks out know-how and best practice, related to own area of contribution.
- Anticipates future situations and plans to meet them.
- Bias for action – do things before being asked to or forced to by events.
- Willingly takes the lead when challenges occur.
- Actively promotes open and effective communication.
- Strong planning and organizing ability.
- Actively promotes a positive team environment, demonstrating shared commitment to the success of the team and the wider project organization.
- Actively engages and respects contributions of others, in face to face or virtual meetings.
- Seeks to develop self and coach others to help their development.
- Build networks to enhance effectiveness and share knowledge.
- Focuses effort and prioritizes work to deliver business value.
- Good knowledge of the English and Norwegian languages (both written and verbal).
Join Omega 365 Consulting for:
- Personalized, hands-on support from our dedicated Omega 365 team members
- Collaboration with one of Norway’s most prestigious consultant firms
- Guidance from experienced department managers, facilitating the development of your project expertise
- Internal visa assistance and expert advice for EEA/expat consultants
- Excellent opportunities to expand your professional network through project involvement and social gatherings
- Exclusive benefits including access to holiday houses and cabins in picturesque locations such as Hovden, Hemsedal, Geilo, Hafjell, Oppdal, Voss, Vågsli, Sirdal, Gran Canaria, and Thailand
- Diverse offerings of events including concerts and exciting excursions, both in Norway and abroad. We unveil attractive new trips exclusively for our employees every year.
Location
Norge
Job date
Sun, 15 Jun 2025 04:43:07 GMT