Tenth Revolution Group
Senior Security Consultant
Tenth Revolution Group, Norway, 17 days ago
Full-time, Remote Friendly, Consulting, Information Technology

Senior Information Security Consultant (GRC) – Advisory & Assurance


Join a leading Nordic technology partner as we scale their Cyber Security Advisory Services. You’ll help private and public sector customers strengthen security governance, reduce risk, and meet regulatory obligations. You will be working alongside a generous, high‑calibre team that shares knowledge, takes ownership, and embraces new challenges.


🕒 Type: Permanent

🌍 Language: Fluent Norwegian (C1/C2) and professional English

📍 Presence: Able to work hybrid from Lysaker and travel to Greater Oslo customers - Hybrid (2/3 days in office)


Responsibilities:

  • Advise customers on security strategy and operationalization, ISMS, and GRC
  • Lead and deliver risk assessments/ROS, security reviews, and audits
  • Guide ISO 27001 implementations (policies, controls, metrics, internal audit, certification prep)
  • Serve as fractional/CISO‑for‑hire for selected customers
  • Support privacy and data protection initiatives (e.g., GDPR, DPIAs) with security by design
  • Shape security architecture guidance across network, identity, cloud, and application domains
  • Elevate security culture & training for technical and non‑technical stakeholders
  • Collaborate in cross‑functional delivery with engineering, SOC, and senior client leaders


Requirements:

🧭 Experience: 10+ years in IT with 5+ years as a security/GRC consultant

📑 Frameworks: Hands‑on with ISO 27001/27002 (implement/maintain/improve ISMS)

⚖️ Governance & risk: Deep understanding of GRC, policy/control design, risk methods

🔍 Audit & assurance: Conduct audits, internal controls, and security assessments

🧱 Architecture awareness: Network security, IAM, cloud, and application security

📜 Regulatory: Familiar with NIS2, GDPR, and certification/compliance processes

🗣️ Stakeholder skills: Comfortable with C‑level presentations and exec workshops

🧪 Delivery leadership: Lead engagements, plan roadmaps, and drive measurable outcomes

🤝 Consulting craft: Discovery, scoping, clear documentation, and executive reporting


Beneficial to have:

🔐 Certifications: CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor, CIPM/CIPP/E

☁️ Cloud: Security posture in Azure/AWS, landing zones, baseline controls, logging/monitoring

🔑 Identity: Modern IAM/IDaaS, federation, zero trust principles

🧰 Tooling: GRC platforms (e.g., OneTrust, ServiceNow GRC), risk tooling, control libraries

🏛️ Public sector: Experience with Nordic public frameworks and critical‑infrastructure contexts

🧩 Method: Threat modeling, secure SDLC, supplier risk, third‑party assurance

📈 Business acumen: Link security outcomes to business goals and ROI

🎓 Education: Master’s in a relevant field (or equivalent, experience can compensate)


Package:

  • Competitive base + bonus (OTE targets)
  • A comprehensive benefits package (pension, insurance, and professional perks)
  • Hybrid flexibility with modern offices in Lysaker
  • Access to top‑tier tools and a supportive engineering & SOC ecosystem
  • Low bureaucracy, clear ownership, and visible customer impact
  • A collaborative culture
