Senior Security GRC Specialist

Senior Security GRC Specialist

The TOMRA Group Security function is seeking a skilled and experienced GRC specialist to join the Security GRC team in Asker. The successful candidate will work closely with the Head of the Security GRC department to develop and standardize a best practice approach to information security governance, risk management, and compliance across the organization. This role involves working closely with stakeholders to ensure the necessary policies, frameworks, and tools are in place to protect the confidentiality, integrity, and availability of our most valuable assets.

Key Responsibilities:

• Develop and implement security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Conduct risk assessments and develop risk mitigation strategies to address identified vulnerabilities.
• Monitor and report on the effectiveness of the security program, including compliance with internal policies and external regulations, conducting maturity assessments, and driving continuous improvement initiatives.
• Collaborate with various departments to ensure security controls are integrated into business processes and systems.
• Stay up-to-date with the latest security trends, threats, and technologies to continuously improve the security posture of the organization.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or a related field.
• Minimum of 5 years of experience in information security, with a focus on governance, risk management, and compliance.
• Strong knowledge of security frameworks and standards such as ISO/IEC 27001, NIST, and ISF Standard of Good Practice.
• Experience with security policy development and implementation, risk assessment methodologies and tools, and assurance activities.
• Excellent communication and interpersonal skills, with the ability to work effectively with stakeholders at all levels of the organization.
• Relevant certifications such as ISO 27001or CISM / CISA are highly desirable.

Preferred Skills:

• Knowledge of operational technology (OT) security and secure software/system development processes.
• Familiarity with security maturity models such as ISF related maturity tools, NIST CSF, C2M2, ISO 27001, CIS Controls and NIS2.

Additional information:

We encourage interested candidates to apply as soon as possible. Reviewing candidates and interviews will be conducted on an ongoing basis, and the process may be closed if the right candidate is found before the deadline.

Deadline for applications: 11.02.2025

TOMRA is proud to be an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants regardless of race, color, religion, gender, gender identity, age, national origin, disability, parental or pregnancy status, marriage and civil partnership, sexual orientation, veteran status, or any other characteristic protected by law.