Security Risk and Compliance Specialist

Join our global team for a career filled with opportunities to solve challenges both small and large, local and global, simple and complex.

Wilhelmsen Global Business Services (GBS) is looking for a Security Risk and Compliance Specialist

Locations: Lysaker Type: Full-time | Hybrid

As the Security Risk and Compliance Specialist, you will take a leading role in driving security risk and compliance within Wilhelmsen Global Business Services. You will be responsible for supporting the development, implementation, and maintenance of security policies, standards, and controls, ensuring that our applications and digital services meet corporate security requirements and recognize industry best practices.

You will work closely with both business and technology teams, acting as a trusted partner to help manage risk, support audits, and maintain a strong security and compliance posture across GBS.

What you will be doing:

• Support the development and implementation of the Governance, Risk, and Compliance (GRC) framework in line with industry’s best practices and regulatory requirements
• Assist in conducting security risk assessments, identifying threats and vulnerabilities, and supporting the definition of mitigation strategies
• Support ongoing compliance monitoring to ensure adherence to internal policies, regulatory requirements, industry standards, and contractual obligations
• Develop and maintain reporting metrics, dashboards, and evidence to demonstrate compliance
• Support internal and external audits by gathering evidence, conducting preliminary assessments, and assisting with remediation of audit findings
• Contribute to the development, configuration, and continuous improvement of GRC tools and services, including scheduling and supporting regular control assessments
• Assist in evaluating and managing risks related to third-party vendors and service providers, including reviewing and embedding security requirements in third-party agreements
• Support commercial activities by contributing to customer security questionnaires and compliance-related inquiries in sales processes
• Participate in the review, development, and maintenance of security policies, standards, and procedures
  
  
  

What we are looking for:

• Bachelor’s degree in cybersecurity, information security, risk management, governance, or a related field (relevant experience may be considered in lieu of formal education)
• Minimum 3 years of experience in information security, risk management, audit, or compliance-related roles
• Solid understanding of GRC concepts, principles, and practices
• Familiarity with recognised regulations, standards, and frameworks such as ISO 27001, SOC 2, NIST, NIS2, CMMC, and GDPR
• Experience working with GRC tools or platforms (e.g. Hyperproof, OneTrust, Drata, Secureframe, or similar)
• Proven ability to manage multiple risk and compliance initiatives in parallel
• Experience supporting third-party audits, including evidence collection and audit response coordination
• Relevant security certifications (e.g. ISO 27001 Lead Implementer or Auditor, CISA, CISM, CISSP), or actively working toward certification
  
  
  

What We Offer

At WSS, you’ll join a global organization with a strong sense of purpose, collaboration, and care for its people. We offer a challenging and rewarding role, supported by:

• Flexible working arrangements
• WSS bonus scheme
• Generous holiday allowance
• Car allowance
• Competitive pension and insurance plans (Benefits may vary by location)
  
  
  

Work locations: Oslo

Application deadline: 17.04.2026

Contact: Olivia Tye‑Reeve, Senior Recruitment Specialist: [email protected]