Arbetsbeskrivning

Professional Galaxy is an IT and technology consulting company that provides highly specialized expertise within IT, software development, SAP, purchasing, electronics and mechanical design. We collaborate with experienced senior experts and deliver strategic value-creating expertise to some of Sweden's most complex and analytically demanding projects. Our focus is always on high quality, professionalism and clear, measurable results. 

We are now seeking a Cyber Security (GRC) Analyst 

Description 

The Governance, Risk, Compliance (GRC) Officers on all levels play a key role in ensuring that the security posture of the organization remains strong, scalable, and aligned with business goals. The GRC Officers three focuses are: governance to build a structured way of working with cyber security while achieving organizational objectives and improving security culture, risk management to identify, address, assess, mitigate and follow-up on cyber security and technology risks, compliance to meet global and local laws, standards and other regulatory requirements within cyber security to ensure an ability to deliver intended outcomes despite experiencing challenging cyber events. 

The officers ensure that cyber security best practices are applied consistently across the organization’s global operations. They collaborate closely with other functions within the organization and continuously enhance services and processes. 

The GRC Officer is a high-level role. This position leads in developing and maintaining a comprehensive governance framework, managing cyber risks, ensuring compliance with global standards and regulations, and strengthening resilience through business continuity and crisis management. With an advanced understanding of cyber security principles, the GRC Officer contributes to the strategic direction and ensures its implementation across the organization. 

Responsibilities 

On a high-level leading in:  Participates in development and improvement of the organization’s Governance, Risk, Compliance (GRC) frameworks within cyber security.  • Ensure the governance structure and security steering documents are accessible, clearly understood, and adopted across all levels of the organization.  • Conduct and oversee comprehensive cyber risk assessments at both enterprise and operational levels; maintain and regularly update central risk registers enabling risk informed decision-making.  • Develop audit and control testing schedules and ensure systematic evaluation of compliance levels and control effectiveness.  • Drive a culture of continuous improvement by identifying and introducing more effective and efficient controls and processes across the cyber security domain.  • Collaborate regularly with internal departments and external stakeholders, including third-party vendors, to manage cyber security risks and ensure alignment with internal standards and contractual obligations.  • Act as a visible ambassador for cyber security, making complex security topics understandable and accessible to all employees. 

Qualifications  • Typically, 5+ years in cyber security in a global enterprise  • Typically, 3+ years in governance, risk management and compliance  • Applicable educational background within GRC and/or information and cyber security (e.g. a university degree or a diploma from a higher vocational education) or equivalent work experience  • Good knowledge of regulatory compliance – preferable on a global market  • Good knowledge of cyber security best practices, standards and maturity models (e.g. ISO 27001, ISO 31000, ISO 22301, NIST CSF, C2M2)  • Proven track record in risk management and reporting for global enterprises  • Experience designing, implementing and governing cyber security frameworks  • Experience working with auditors and QSA's in security assessments and certification processes  • Strong communication and collaboration skills in English  • Experience from driving security awareness activities and building security culture  • Proven skills in change management 

Preferred certification  • CISM, CISSP, CCISO or equivalent certification in information and cyber security  • ISO 27001 Certification (e.g. as Lead Implementor or Lead Auditor) 

Start date: 2026-03-03 

End date: 2026-11-30 

Application Deadline: Ongoing selection

   Are you the right person for the assignment, or do you want to recommend a strong candidate? Do not hesitate to contact us. 

Please apply directly through our system with: 

- Your updated CV in English 

- Availability to start the assignment 

In the motivation, describe why you are suitable for this assignment - refer to previous consulting assignments, employment, education and personal qualities. 

Please note: We do not accept any applications through mail. All applications have to be sent through the portal to be valid. 

Offer continuously: Please note that for this role we offer continuously. That means that we sometimes remove the assignments before the deadline. If you are interested, we recommend that you apply immediately. 

Öppen för alla Vi fokuserar på din kompetens, inte dina övriga förutsättningar. Vi är öppna för att anpassa rollen eller arbetsplatsen efter dina behov.