Cyber Security Analyst (GRC)

emagine is looking for a Cyber Security Analyst (GRC) to one of our clients in Stockholm.

Start: 2026-03-09

End: 2026-11-30

Location: Stockholm (4 days onsite, 1 day remote)

Job description:

The Governance, Risk, Compliance (GRC) Officers on all levels play a key role in ensuring that the security posture of the organization remains strong, scalable, and aligned with business goals. The GRC Officers three focuses are: governance to build a structured way of working with cyber security while achieving organizational objectives and improving security culture, risk management to identify, address, assess, mitigate and follow-up on cyber security and technology risks, compliance to meet global and local laws, standards and other regulatory requirements within cyber security to ensure an ability to deliver intended outcomes despite experiencing challenging cyber events.

The officers ensure that the cyber security best practices are applied consistently on client´s global market. They collaborate closely with other functions within the organization and continuously enhances our services and processes.

The GRC Officer is a high-level role.

This position leads in developing and maintaining a comprehensive governance framework, managing cyber risks, ensuring compliance with global standards and regulations, and strengthening resilience through business continuity and crisis management. With an advanced understanding of cyber security principles, the GRC Officer enforces to the strategic direction and ensures its implementation across the client Group.

Responsibilities

On a high-level leading in:

Participates in development and improvement of the organization’s Governance, Risk, Compliance (GRC) frameworks within cyber security.

• Ensure the governance structure and security steering documents are accessible, clearly understood, and adopted across all levels of the organization.
• Conduct and oversee comprehensive cyber risk assessments at both enterprise and
  
  

operational levels; maintain and regularly update central risk registers enabling risk informed decision-making.

• Develop audit and control testing schedules, and ensure systematic evaluation of
  
  

compliance levels and control effectiveness.

• Drive a culture of continuous improvement by identifying and introducing more effective and efficient controls and processes across the cyber security domain.
• Collaborate regularly with internal departments and external stakeholders, including third-party vendors, to manage cyber security risks and ensure alignment with internal standards and contractual obligations.
• Act as a visible ambassador for cyber security, making complex security topics
  
  

understandable and accessible to all employees.

Qualifications

• Typically, 5+ years in cyber security in a global enterprise
• Typically, 3+ years in governance, risk management and compliance
• Applicable educational background within GRC and/or information and cyber security (e.g. a university degree or a diploma from a higher vocational education) or equivalent work experience
• Good knowledge of regulatory compliance - preferable on a global market
• Good knowledge of cyber security best practises, standards and maturity models (e.g. ISO 27001, ISO 31000, ISO 22301, NIST CSF, C2M2)
• Proven track record in risk management and in reporting for global enterprises
• Experience designing, implementing and governing cyber security frameworks
• Experience working with auditors and QSA's in security assessments and certification processes
• Strong communication and collaboration skills in English
• Experience from driving security awareness activities and building security culture
• Proven skills in change management
  
  

Preferred Certification

• CISM, CISSP, CCISO or equivalent certification in information and cyber security
• ISO 27001 Certification (e.g. as Lead Implementor or Lead Auditor)