Senior Cyber Risk & GRC Analyst

Head Energy is looking for a skilled/experienced Senior Cyber Risk & GRC Analyst

Pnr: 21886

Are you an experienced cybersecurity and GRC professional looking for your next big challenge? Do you thrive in complex project environments where IT and OT converge? If so, we want to hear from you.

We are currently seeking a Senior Cyber Risk & GRC Analyst to join a major long-term digital infrastructure project. This key role will be essential in managing cyber risks, ensuring regulatory compliance, and supporting a robust cybersecurity posture across the organization. You will be part of a dynamic and cross-functional team delivering critical IT services and infrastructure.

Job Description:

• As our Senior Cyber Risk & GRC Analyst, you will:
• Lead the identification and management of cybersecurity risks across systems, applications, and business processes
• Perform threat modeling and vulnerability risk assessments to ensure secure systems and solutions
• Maintain and enhance the Information Security Management System (ISMS) in alignment with ISO 27001, NIST CSF, and other frameworks
• Conduct compliance assessments to ensure adherence to internal and external regulations such as GDPR, PCI DSS, HIPAA
• Develop and enforce security policies, controls, and procedures
• Support due diligence and third-party risk reviews for vendors and partners
• Deliver training and awareness sessions across the organization to strengthen the security culture
• Conduct site inspections as needed and follow up on any physical security-related risks
• You will act as a strategic advisor to senior stakeholders and help embed security into our processes from the ground up.

• Key Responsibilities

• Cyber Risk Management: Identify, assess, and mitigate cyber threats and vulnerabilities
• â â â â â â â Compliance Oversight: Ensure compliance with ISO 27001, NIST, GDPR, and other relevant standards
• Policy & Frameworks: Create and update security policies and governance frameworks
• Incident Response: Lead and coordinate responses to cybersecurity incidents
• Threat Intelligence: Monitor emerging threats and provide relevant risk analysis
• Audit Readiness: Coordinate internal and external audits and oversee remediation
• Training: Develop and deliver tailored security awareness programs
• Reporting: Provide clear and actionable insights through structured risk and compliance reports
• Vulnerability Management: Conduct periodic vulnerability scans and penetration tests
• Vendor Risk: Manage third-party risk assessments and ensure supplier compliance
• Continuous Improvement: Contribute to evolving our cyber and GRC maturity

Qualifications:

• Bachelor's degree in IT, Cybersecurity, or related discipline
• â â â â â â â Minimum 10 years of experience in cyber risk, IT security, or GRC roles
• Deep understanding of cybersecurity frameworks such as ISO 27001, NIST, CIS
• Proven ability to develop policies, manage risk registers, and implement remediation plans
• Strong knowledge of compliance regulations including GDPR, PCI DSS, HIPAA
• Professional certifications such as CISSP, CISM, CRISC, or CISA are strongly preferred
• Excellent communication and stakeholder management skills
• Fluent in English and Norwegian (spoken and written)

Personal traits:

• Hands-on experience with GRC tools such as Archer, ServiceNow GRC, or RiskLens
• â â â â â â â Familiarity with cloud environments (AWS, Azure, GCP) and related security challenges
• Strong ability to translate technical risk into business context
• Self-driven, organized, and proactive mindset
• Confident in taking the lead in crisis or risk situations
• Collaborative, inclusive, and a natural team player
• Focused on continuous learning and coaching others
• Ability to prioritize tasks based on business value
• Strong planning and documentation skills

ð © Interested?

We are reviewing applications on a rolling basis, so don’t wait to apply. 

Language:

• English
• Norwegian

 

In Head Energy you get:

• Permanent- or project employment with the best conditions.
• Access to the industry´s most exciting job opportunities
• Personal follow-up, mentoring and career guidance
• A large variety of project opportunities
• Good pension- and insurance schemes 
• A pleasant and positive work environment
• Access to both specific and general courses.

Video: Solutions that brings you one step ahead

Job alert subscription – Register to receive e-mails regarding job opportunities.

Head Energy’s application process is simple and straight forward. Upon registering your CV or LinkedIn-profile, you are able to apply to jobs by the push of a button. Keeping your profile up to date will increase our ability to match your competence and upcoming jobs.

Head Energy is an independent Scandinavian engineering & consulting house providing a wide range of products to onshore and offshore industries. We work with reputed clients in Energy, Civil Construction & Infrastructure, and Industry.
Head Energy has more than 900 employees, and offices in Bergen, Stavanger, Oslo, Trondheim, Gothenburg, Stenungsund, Esbjerg, Odense,  and Hamburg. We are employee owned, client focused and growth oriented.
We live by our core values: Responsible | Honest | Inclusive | Innovative.
Our vision is to bring our employees and clients one step ahead.