System development
Key responsibilities
Cyber Risk Analysis
Be part of the Yggdrasil project team and assist in testing and validating technical solutions that could potentially be a cyber threat.
Identify and work with the project teams to assess risks and guide teams and suppliers to implement more robust solutions if necessary.
Work with project and operations teams providing identification, assessment, and management of cybersecurity risks across systems, applications, and business processes.
Perform needed threat modeling and vulnerability risk assessments to support secure system design and implementation.
Through the established base and project organization, be part of the monitoring workforce that identifies internal and external threat landscapes and provides actionable intelligence to stakeholders.
In the cyber context, develop and maintain risk registers and present findings to senior leadership and other relevant stakeholders.
Collaborate with IT and business units to define risk treatment plans and track mitigation efforts.
Governance, Risk & Compliance (GRC)
Maintain and enhance the Information Security Management System (ISMS) and ensure alignment with ISO 27001, NIST CSF, and other relevant frameworks.
Conduct regular compliance reviews, gap analyses, and audits to ensure adherence to internal policies and external regulations (e.g., GDPR, PCI DSS, HIPAA).
Support the development and maintenance of security policies, standards, procedures, and guidelines.
Prepare and present reports for internal and external audits, certifications, and regulatory reviews.
Lead risk and control assessments, including third-party risk reviews and vendor due diligence.
Skills within collaboration
Act as a subject matter expert on cyber risk and GRC best practices.
Work alongside project, operations and supplier teams with the one team mindset, enabling collaboration and positive progress to ensure we reach the common goal of an infrastructure and systems portfolio with the least number of cyber threats.
Work cross-functionally with OT, IT, audit, suppliers, system vendors, hardware vendors and business units to embed security into organizational culture and processes.
Being a team player is key for our progress, but if you discover cyber threats in a design you must have the guts to stand up for your findings and opinions and be resolute speaking up in a crowd.
Primary tasks
Risk Assessments
- Conduct risk assessments to identify vulnerabilities and threats to the organization's information systems, temporary project offices, data transport methods, and more.
- This work will be performed primarily during commissioning and handover to operations phase of the project. This means there will be a steady stream of systems evaluations and follow-ups with project teams and vendors on technical details.
- Hands-on penetration testing where needed. This will be determined based on risk processes and project priorities.
- System design review
- Develop and implement strategies to mitigate identified risks and reduce the organization's exposure to cyber threats.
- Follow up on specific implementations of improvements to systems design and configurations.
- Ensure compliance with relevant regulations, standards, and best practices (e.g., GDPR, ISO 27001, NIST).
- On a detailed level this also dictates that project-specific requirements might require workarounds that trigger related systems to adjust to comply with cyber requirements, meaning that completed analyses of systems might have to be reevaluated.
- Implement and maintain cybersecurity and GRC policies, procedures, and frameworks.
- Coordinate incident response efforts, including investigation, containment, eradication, and recovery.
- Work with operational teams in IT and OT to ensure we monitor and analyze emerging cyber threats and vulnerabilities, providing timely updates and recommendations.
- When required, travel to the project site to do physical inspections with relevant teams like IT, OT and Security. Follow up on any previous findings, and evaluate whether new threats need to be raised as risks and mitigated.
- Maintain accurate and up-to-date documentation of project related GRC processes, procedures, and incident response plans.
- Communicate effectively with stakeholders at all levels, providing clear and actionable insights on cybersecurity and compliance matters.
- Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
- Continuously evaluate and improve the organization's cybersecurity and GRC practices to enhance overall security posture.
Bachelor's degree in Information Technology, Cybersecurity, or a related field is requested but not necessary if relevant experience and/or certification is in place.
Minimum of 10+ years of combined experience in cyber risk management, IT & OT security, or GRC roles.
In-depth knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS, etc.).
Strong understanding of regulatory compliance requirements and risk assessment methodologies.
Professional certifications such as CISSP, CISM, CRISC, CISA, or similar strongly preferred.
Excellent analytical, problem-solving, and communication skills.
Ability to manage multiple priorities in a fast-paced environment with minimal supervision.
The candidate must be able to demonstrate genuine interest in the field of cyber security, and show evidence of being a true hands-on white hacker type of person.
Desirable Attributes
Many years of hands-on experience finding vulnerabilities in digital systems.
Deeper understanding of how hardware and software actually work.
Experience with both IT and OT systems, and what typically separates these environments and also how systems and suppliers work within these environments.
Experience with GRC tools (e.g., Archer, ServiceNow GRC, Riskless).
Familiarity with cloud environments (AWS, Azure, GCP) and related security challenges.
Passion for continuous improvement and proactive risk management.
Be self-motivated with a willingness to learn from others and work with minimum direction.
Actively seeks out know-how and best practice, related to own area of contribution.
Anticipates future situations and plans to meet them.
Bias for action - do things before being asked to or forced to by events.
Willingly takes the lead when challenges occur.
Actively promotes open and effective communication.
Strong planning and organizing ability.
Actively promotes a positive team environment, demonstrating shared commitment to the success of the team and the wider project organization.
Actively engages and respects contributions of others, in face to face or virtual meetings.
Seeks to develop self and coach others to help their development.
Build networks to enhance effectiveness and share knowledge.
Focuses effort and prioritizes work to deliver business value.
Language: Good knowledge of the English and Norwegian languages (both written and verbal).
Work location: Primary work location Stavanger or Oslo / Fornebu with rotation to Stavanger on a scheduled basis.
Duration: ASAP - 31.12.2027
Phased startup with less than full time as a part of engagement is acceptable.
Join IKM Consultants AS and take your career to the next level!