HubMub
-
Head Energy AS

Senior Cyber Risk & GRC Analyst.

Head Energy AS
Norway · Contract · Not Applicable
Head Energy is looking for a skilled/experienced Senior Cyber Risk & GRC Analyst

Pnr: 21886

Are you an experienced cybersecurity and GRC professional looking for your next big challenge? Do you thrive in complex project environments where IT and OT converge? If so, we want to hear from you.

We are currently seeking a Senior Cyber Risk & GRC Analyst to join a major long-term digital infrastructure project. This key role will be essential in managing cyber risks, ensuring regulatory compliance, and supporting a robust cybersecurity posture across the organization. You will be part of a dynamic and cross-functional team delivering critical IT services and infrastructure.

Job Description

  • As our Senior Cyber Risk & GRC Analyst, you will:
  • Lead the identification and management of cybersecurity risks across systems, applications, and business processes
  • Perform threat modeling and vulnerability risk assessments to ensure secure systems and solutions
  • Maintain and enhance the Information Security Management System (ISMS) in alignment with ISO 27001, NIST CSF, and other frameworks
  • Conduct compliance assessments to ensure adherence to internal and external regulations such as GDPR, PCI DSS, HIPAA
  • Develop and enforce security policies, controls, and procedures
  • Support due diligence and third-party risk reviews for vendors and partners
  • Deliver training and awareness sessions across the organization to strengthen the security culture
  • Conduct site inspections as needed and follow up on any physical security-related risks
  • You will act as a strategic advisor to senior stakeholders and help embed security into our processes from the ground up.
  • Key Responsibilities
  • Cyber Risk Management: Identify, assess, and mitigate cyber threats and vulnerabilities
  • Compliance Oversight: Ensure compliance with ISO 27001, NIST, GDPR, and other relevant standards
  • Policy & Frameworks: Create and update security policies and governance frameworks
  • Incident Response: Lead and coordinate responses to cybersecurity incidents
  • Threat Intelligence: Monitor emerging threats and provide relevant risk analysis
  • Audit Readiness: Coordinate internal and external audits and oversee remediation
  • Training: Develop and deliver tailored security awareness programs
  • Reporting: Provide clear and actionable insights through structured risk and compliance reports
  • Vulnerability Management: Conduct periodic vulnerability scans and penetration tests
  • Vendor Risk: Manage third-party risk assessments and ensure supplier compliance
  • Continuous Improvement: Contribute to evolving our cyber and GRC maturity

Qualifications

  • Bachelor's degree in IT, Cybersecurity, or related discipline
  • Minimum 10 years of experience in cyber risk, IT security, or GRC roles
  • Deep understanding of cybersecurity frameworks such as ISO 27001, NIST, CIS
  • Proven ability to develop policies, manage risk registers, and implement remediation plans
  • Strong knowledge of compliance regulations including GDPR, PCI DSS, HIPAA
  • Professional certifications such as CISSP, CISM, CRISC, or CISA are strongly preferred
  • Excellent communication and stakeholder management skills
  • Fluent in English and Norwegian (spoken and written)

Personal Traits

  • Hands-on experience with GRC tools such as Archer, ServiceNow GRC, or RiskLens
  • Familiarity with cloud environments (AWS, Azure, GCP) and related security challenges
  • Strong ability to translate technical risk into business context
  • Self-driven, organized, and proactive mindset
  • Confident in taking the lead in crisis or risk situations
  • Collaborative, inclusive, and a natural team player
  • Focused on continuous learning and coaching others
  • Ability to prioritize tasks based on business value
  • Strong planning and documentation skills

📩 Interested?

We are reviewing applications on a rolling basis, so don’t wait to apply.

Language

  • English
  • Norwegian

In Head Energy You Get

  • Permanent- or project employment with the best conditions.
  • Access to the industry´s most exciting job opportunities
  • Personal follow-up, mentoring and career guidance
  • A large variety of project opportunities
  • Good pension- and insurance schemes
  • A pleasant and positive work environment
  • Access to both specific and general courses.

Video: Solutions that brings you one step ahead

Job alert subscription – Register to receive e-mails regarding job opportunities.

Head Energy’s application process is simple and straight forward. Upon registering your CV or LinkedIn-profile, you are able to apply to jobs by the push of a button. Keeping your profile up to date will increase our ability to match your competence and upcoming jobs.

Key Skills

Ranked by relevance

cybersecurity gdpr nist pci dss dss cissp cloud cisa cism aws gcp
Login to Apply
🇳🇴

Country Guide

Norway

Strong quality of life and high-income stability

Posted
Jul 04, 2025
Type
Contract
Level
Not Applicable
Location
Trondheim
Company
Head Energy AS

Industries

Civil Engineering Industrial Machinery Manufacturing Oil Gas

Categories

Project Management Engineering

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
SSE plc
Related

Senior Data Scientist

2026-05-20

Full-time
Not Applicable
United Kingdom
Utilities
Project Management
View Job Details
Task Recruitment
Related

DevOps Engineer

2026-06-01

Contract
Mid-Senior
Australia
Agriculture
Information Technology
View Job Details
Akkodis
Related

Network Engineer

2026-05-27

Contract
Not Applicable
Australia
Oil
Information Technology