Senior IT Security & Risk Officer

Job Description

Our client is seeking a highly organized and detail-oriented Senior IT Security & Risk Officer to support cybersecurity governance activities within the Digital Services domain. This role is based at Lindholmen, Gothenburg, and focuses primarily on Information Security Management System (ISMS) coordination, audit planning, governance administration, and compliance support within a mature ISO 27001 certified environment.

The assignment is well suited for a consultant with solid experience in Governance, Risk, and Compliance (GRC), particularly within structured and regulated environments. The selected professional will collaborate closely with cybersecurity teams, auditors, and stakeholders to ensure security governance activities are effectively coordinated and continuously improved.

Key Responsibilities

ISMS Coordination & Governance Support

• Coordinate and maintain ISMS-related documentation, governance activities, and security management plans.
• Support ongoing administration and coordination activities within the cybersecurity governance function.

Audit Planning & Compliance Coordination

• Organize and oversee internal ISO audits as well as external certification audit activities.
• Manage audit schedules, evidence collection, action tracking, and reporting processes to ensure compliance readiness.

Risk & Security Assessment Support

• Assist in reviewing and quality-assuring risk assessments and Threat Analysis and Risk Assessments (TARAs) conducted by internal teams.
• Support security governance processes by ensuring consistency and adherence to established standards.

Regulatory & Framework Compliance

• Contribute to compliance initiatives related to ISO 27001, NIS2, UNECE R155/R156, and other relevant regulatory frameworks.
• Support gap assessments and continuous improvement activities as new security standards and requirements are introduced.

Continuous Improvement Activities

• Collaborate with stakeholders to enhance governance processes, improve security documentation, and strengthen compliance procedures.
• Monitor follow-up actions and support the implementation of corrective measures identified during audits and assessments.

Required Experience

• 3–5 years of experience within IT Security, Governance, Risk & Compliance (GRC), or security compliance functions.
• Hands-on experience working with ISMS frameworks and audit coordination within ISO-certified environments.
• Strong understanding of risk management methodologies and threat analysis concepts.
• Proven experience in governance coordination, planning, and documentation management.

Education

Bachelor’s degree in Information Technology, Cyber Security, Information Security, Risk Management, or a related discipline is preferred.

Required Skills

• ISO 27001
• IT Security Governance
• Governance, Risk & Compliance (GRC)
• Audit Coordination
• Risk Management
• Security Compliance
• ISMS Administration
• Threat Analysis & Risk Assessment (TARA)
• Documentation & Reporting
• Security Governance

Preferred Qualifications & Knowledge

• Familiarity with NIS2, GDPR, CRA, or UNECE R155/R156 regulations.
• Experience working in agile delivery environments.
• Exposure to incident response and security operations activities.
• Swedish language proficiency is considered an advantage.

Personal Attributes

• Highly structured and detail-focused approach to work.
• Strong planning, coordination, and organizational capabilities.
• Effective communicator with excellent stakeholder management skills.
• Ability to work independently while collaborating across multiple teams.
• Proactive mindset with a focus on continuous improvement and governance excellence.

Language Requirement

• English – Professional proficiency required
• Swedish – Preferred but not mandatory

Application Method: Interested candidates can apply by sending their profile to hr@semiconservicenordic.com