Governance, Risk, Compliance & Resilience (GRC-R) consultant
Aros Circle AB / IT jobs / Västerås
2025-12-15
The Governance, Risk, Compliance & Resilience (GRC-R) Officers on all levels play a key role in ensuring that the security posture of the organization remains strong, scalable, and aligned with business goals.
The GRC-R Officers' four focus areas are:
* governance, to build a structured way of working with cyber security while achieving organizational objectives and improving security culture,
* risk management, to identify, address, assess, mitigate and follow up on cyber security and technology risks,
* compliance, to meet global and local laws, standards and other regulatory requirements within cyber security, and
* resilience, to ensure an ability to deliver intended outcomes despite experiencing challenging cyber events.
The officers ensure that cyber security best practices are applied consistently across H&M's global market. They collaborate closely with other functions within the organization and continuously enhance our services and processes.
The GRC-R Officer is a high-level role. This position leads in developing and maintaining a comprehensive governance framework, managing cyber risks, ensuring compliance with global standards and regulations, and strengthening resilience through business continuity and crisis management.
With an advanced understanding of cyber security principles, the GRC-R Officer enforces the strategic direction and ensures its implementation across the XX Group.
Responsibilities
At a high level, leading efforts to:
* Develop and continuously improve the organization's Governance, Risk, Compliance and Resilience (GRC-R) frameworks within cyber security.
* Ensure the governance structure and security steering documents are accessible, clearly understood, and adopted across all levels of the organization.
* Conduct and oversee comprehensive cyber risk assessments at both enterprise and operational levels; maintain and regularly update central risk registers, enabling risk-informed decision-making.
* Develop audit and control testing schedules, and ensure systematic evaluation of compliance levels and control effectiveness.
* Support and guide the organization through security incidents and crisis events, identifying root causes and presenting pragmatic, risk-based solutions.
* Drive a culture of continuous improvement by identifying and introducing more effective and efficient controls and processes across the cyber security domain.
* Collaborate regularly with internal departments and external stakeholders, including third party vendors, to manage cyber security risks and ensure alignment with internal standards and contractual obligations.
* Act as a visible ambassador for cyber security, making complex security topics understandable and accessible to all employees.
You must have the following qualifications; if not, do not apply.
Qualifications
* Typically, 5+ years in cyber security
* Typically, 7+ years in governance, risk management, compliance and/or resilience
* Applicable educational background within GRC and/or information and cyber security (e.g. a university degree or a diploma from a higher vocational education) or equivalent work experience.
* Good knowledge of regulatory compliance, preferably in a global market
* Good knowledge of cyber security best practices and standards (e.g. ISO 27001, ISO 31000, ISO 22301, NIST 800, C2M2, CMMC)
* Proven track record in managing risk in a global enterprise
* Experience designing, implementing and governing cyber security frameworks
* Experience working with auditors and QSAs in security assessments and certification processes
* Strong communication and collaboration skills
* Experience in driving security awareness activities and building security culture
* Proven skills in change management
Other qualifications/optional certification
* CISM, CISSP, CCISO or equivalent certification in information and cyber security
* ISO 27001 Certification (e.g. as Lead Implementor or Lead Auditor)
* Certification in Business Continuity Management (e.g. CBCP or ISO 22301)
Aros Circle AB
We are a stable consulting company that has been based in Västerås since 2000. So far we have been profitable for 25 years. Our clients expect a consultant to be able to step straight into the work, which means we cannot hire you if you have been unemployed for more than one year.
Please apply as soon as possible. Mark your application with 14805. Send your CV to sales@aroscircle.se. High salary.
How to apply: The last day to apply is 2026-01-14.
E-mail: sales@aroscircle.se
Employer's reference: The employer's reference for this job is "Arboga -".
Scope: This is a full-time job.
Employer: Aros Circle AB (org. no. 556595-5704)
Pilgatan 21
721 30 VÄSTERÅS
Contact: CEO Ulf Enarsson, ulf.enarsson@aroscircle.se, 0708355597
Job number: 9645080