IT Security & Risk Officer

Job Description

We are seeking a proactive IT Security & Risk Officer for our client to support cybersecurity, risk management, and compliance initiatives across the organization. The role is cross-functional, combining strategic security development with hands-on operational execution.

Key responsibilities include:

1. Performing and quality-assuring Threat Analysis and Risk Assessments (TARAs)
2. Supporting and participating in security audits
3. Managing and improving operational cybersecurity processes
4. Driving a “Security by Design” culture across teams
5. Ensuring compliance with ISO 27001, NIS2, UNECE R155/R156, CRA, and GDPR
6. Applying lean governance principles to strengthen risk posture while maintaining business value delivery
7. Collaborating with Enterprise Architecture and DevSecOps teams
8. Aligning security with architecture, product development, and operational stakeholders

The role focuses on strengthening cybersecurity capabilities while reducing business risks and maintaining strong delivery capacity.

Skills Needed

Required Skills:

1. Security Governance
2. ISO 27001
3. NIS2
4. GDPR
5. UNECE R155/R156
6. CRA (Cyber Resilience Act)
7. CIA Triad (Confidentiality, Integrity, Availability)
8. TARA (Threat Analysis & Risk Assessment)

Preferred Skills:

1. Agile methodologies
2. AWS
3. Automotive cybersecurity standards
4. Incident Response
5. Crisis Management
6. Digital Forensics

Education

Bachelor’s or Master’s degree in:

1. Cybersecurity
2. Information Security
3. Computer Science
4. Information Technology
5. or equivalent professional experience.

Relevant certifications (preferred but not mandatory):

1. ISO 27001 Lead Implementer / Lead Auditor
2. CISSP
3. CISM
4. AWS Security Certification

Language Requirement

English – Proficient

Apply via email: hr@semiconservicenordic.com