Arbetsbeskrivning

Avaron AB is a growing consultancy focused on technology, finance, and business support. We match your expertise with the market's most interesting assignments, offering a platform where your professional development is central.

In this role, you will strengthen and evolve a global cyber security Governance, Risk and Compliance (GRC) capability. You will help ensure a robust, scalable security posture aligned with business objectives by developing governance structures, managing cyber and technology risks, and driving compliance with relevant laws, standards, and regulatory requirements.

You will work closely with multiple internal functions and external stakeholders to continuously improve services, processes, and controls—while acting as a clear and visible advocate for cyber security across the organization.

• Contribute to the development and continuous improvement of cyber security GRC frameworks
• Ensure governance structures and steering documents are accessible, understood, and adopted across the organization
• Conduct and oversee cyber risk assessments at enterprise and operational levels
• Maintain and regularly update central risk registers to enable risk-informed decision-making
• Develop audit and control testing schedules and evaluate compliance levels and control effectiveness
• Drive continuous improvement by identifying and implementing more effective and efficient controls and processes
• Collaborate with internal teams and external stakeholders, including third-party vendors, to manage cyber security risks and ensure alignment with internal standards and contractual obligations
• Act as a cyber security ambassador by making complex topics understandable and actionable for employees

• Typically, 5+ years in cyber security in a global enterprise
• Typically, 3+ years in governance, risk management and compliance
• Relevant education within GRC and/or information and cyber security (e.g., university degree, higher vocational education) or equivalent work experience
• Good knowledge of regulatory compliance, preferably in a global market context
• Good knowledge of cyber security best practices, standards and maturity models (e.g. ISO 27001, ISO 31000, ISO 22301, NIST CSF, C2M2)
• Proven track record in risk management and reporting for global enterprises
• Experience designing, implementing and governing cyber security frameworks
• Experience working with auditors and QSAs in security assessments and certification processes
• Strong communication and collaboration skills in English
• Experience driving security awareness activities and building security culture
• Proven change management skills

• CISM, CISSP, CCISO or equivalent certification in information and cyber security
• ISO 27001 certification (e.g. Lead Implementor or Lead Auditor)

Selections are made on an ongoing basis, so we recommend that you apply as soon as possible.