Cybersecurity GRC Consultant

Our Client is strengthening their Cybersecurity Governance, Risk & Compliance (GRC) capability and are now looking for a skilled and motivated Cybersecurity GRC Consultant to help shape, operate and continuously improve how cyber risk is governed and managed across the Company.

You will join a competent, engaged and collaborative cybersecurity team, working closely with IT, OT, digital projects.

 

Your role

As a Cybersecurity GRC Consultant, you will play a key role in ensuring that Company’s cyber risks are understood, managed and communicated in a structured and transparent way. You will bridge strategy and execution, ensuring that requirements, risks and controls are actionable, proportionate and aligned with business priorities.

This role requires both analytical depth and strong stakeholder skills, as you will advise leaders, influence decision making, and help embed cybersecurity into everyday processes.

 

Key responsibilities

Cybersecurity governance

• Maintain, develop and mature Company’s cybersecurity governance framework, policies and standards
• Ensure alignment with internal risk frameworks and enterprise governance models
• Translate strategy and regulatory requirements into practical, implementable controls

Risk management

• Facilitate and perform cybersecurity risk assessments across IT, OT and digital initiatives
• Support threat and risk based decision making for projects, suppliers and operations
• Track risk treatment plans, risk acceptance and management actions

Compliance and assurance

• Support compliance with relevant laws, regulations and industry standards (e.g. NIS2, ISO/IEC 27001, IEC 62443)
• Plan and execute internal cybersecurity assessments 
• Contribute to management reporting and leadership decision support

Advisory and collaboration

• Act as a trusted cybersecurity advisor for projects, product teams and business units
• Collaborate with IT, OT, architecture, procurement and vendor management
• Contribute to secure by design and risk based ways of working

Awareness and capability building

• Support development of cybersecurity guidance, training and awareness initiatives
• Help build a strong risk culture where cybersecurity is understood in the business units

 

Qualifications and experience

Required

• Relevant education within cybersecurity, IT, engineering or a related field
• Practical experience with cybersecurity governance, risk management and compliance
• Solid understanding of cybersecurity principles across IT and preferably OT environments
• Experience working with standards such as ISO 27001, NIST, CIS or IEC 62443
• Solid understanding of AI, automation and emerging technologies’ effect on Cyber security risk, IT&OT operations, and on data driven technology used for decision support

Preferred

• Experience from energy, oil & gas, industrial or other complex operational environments
• Familiarity with regulatory requirements such as NIS2 or critical infrastructure legislation
• Experience with third party risk management or supplier assurance
• Certification(s) such as CISM, CISSP, CRISC, ISO 27001 LA/LI (nice to have, not required)

Personal qualities

• Structured, pragmatic and risk based in your approach
• Comfortable working independently while collaborating across disciplines
• Able to challenge constructively and influence without formal authority
• Motivated by improving real world security—not just documentation

 

Which opportunities will this assignment give you?

• Work with cybersecurity at the core of safe and efficient operations
• High level of trust, autonomy and professional influence
• Strong focus on digitalization, data and modern ways of working
• A collaborative, down to earth culture

Contract period: 09.02.2026(after agreement)-29.01.2027

Work location: Oslo or Stavanger 

Please contact Kjersti Jonker, +47 97704446, kjersti.jonker@vegaconsultants.no, for more information about this role.