Deloitte delivers specialized services with expertise in audit, legal services, financial advisory, risk analysis, and consulting. With over 450,000 colleagues supporting us, we view the world from various perspectives and create value across borders, industries, expertise, insights, and generations. Using this knowledge, we help prepare our clients for tomorrow's challenges. Together, we create results.

The team: You will be part of the Nordic CISO Team and will work out of the Norwegian Head office in Oslo, with an option to work from home when required. You will be part of a fun and collaborative cross-functional team with extensive experience that are truly passionate about our work in securing Deloitte and our clients. We are a team of 9 employees, spread across the Nordic countries. We cover areas such as Governance, Risk and Compliance, Security Architecture, Cybersecurity Assurance and Operations. Your role will be within the GRC function.

The Cyber & IT Risk Manager is a critical role within the Nordic CISO’s function, responsible for the day-to-day operation of the unified Cyber and IT Operational Risk program. This individual will act as the central hub for all technology-related risk management activities across the Nordics, ensuring a consistent, efficient, and compliant approach.

Success in this role depends on a balanced ability to manage both the technical processes and the human elements of risk management.

Key Responsibilities includes:

• Chair the Cyber & IT Risk Forum, driving the agenda, facilitating discussions, and ensuring decisions are made and tracked
• Provide training and guidance to uplift risk management maturity across IT
• Manage risk escalations
• Prepare and present regular risk reports and dashboards for various leadership and governance bodies
• Act as the primary liaison between the CISO function, 1st Line of Defense, and 2nd Line of Defense function.
• Continuously identify and implement improvements to the risk management framework, processes, and procedures to enhance operational efficiency and effectiveness.

Who are we looking for?

We do believe that you have some experience from working in a Cybersecurity function, and that you have a solid and practical experience in risk-related roles. You might also have:

• Certification in CRISC, CISA, CISM, CISSP
• Preferably around 5 years of relevant experience within risk and compliance management, or in a similar role.
• Experience from high level matrix organization
• Relevant education, BSc or MSc

You must be fluent in English. We believe you have good communication skills, both verbal and written.

Why Deloitte?

We have a large and varied set of offerings and benefits for our employees. What we are most proud of is the focus we have on our people. Here are some of the things our colleagues say they appreciate most as employees of Deloitte:

• The people – "No sharp elbows, and everyone is equally important, whether you're a graduate or a partner – you feel seen and valued as a person and colleague."
• Co-determination in your own development – "Your role develops with you through guidance from your own coach that helps you identify and exploit your own strengths, and creates space to develop as a leader."
• Continuous development – "Variation in tasks, assignments and customers always brings new challenges, but in a safe environment around genuinely supportive and helpful colleagues"
• Maternity- /parental leave – "Leave sponsor, free midwifery classes and maternity reunions? Yes please! With a new boss at home, it is especially important to have a workplace that facilitates well for the time outside the office."
• The cohesion of the team – "You love the people you work with and make good friends at work."
• Attention on work-life balance – "Your needs are well met. For example, there is good communication and resolution between the desired overtime and actual overtime."

There is a variety of tasks and client engagements lined up waiting for the right people to perform them.

Next steps

We would like to receive your CV and relevant documents by 23.11.2025 Please note that we will contact relevant candidates on an ongoing basis. Instead of a traditional cover letter, we would like you to answer these questions instead:

1. Describe your competence: What qualities and skills do you have that you believe are important to succeed in this role?
2. Describe your motivation: What is the main reason you want this role?

All applications are read, and we look forward to reading YOURS!

If you have any questions regarding the position, you are welcome to contact:

• Kristin Ekornes Strøm, Director, e-mail: [email protected]

For questions about the application process, please contact:

• Haris Akhtar, e-mail: [email protected].