GRC Officer – Cyber Security

About the Company

Avaron AB is a growing consultancy focused on technology, finance, and business support. We match your expertise with the market's most interesting assignments, offering a platform where your professional development is central.

We are looking for an experienced Cyber Security professional to take a leading role within Governance, Risk and Compliance (GRC) in a global organization. In this role, you will help ensure the security posture remains strong, scalable, and aligned with business goals—through structured governance, proactive risk management, and compliance with relevant laws, standards, and regulatory requirements.

You will collaborate closely with stakeholders across the organization and contribute to continuously improving services, processes, and security culture. The assignment also includes strengthening resilience through business continuity and crisis management.

• Contribute to the development and continuous improvement of cyber security GRC frameworks
• Ensure governance structures and security steering documents are accessible, understood, and adopted across the organization
• Conduct and oversee cyber risk assessments at enterprise and operational levels
• Maintain and regularly update central risk registers to enable risk-informed decision-making
• Develop audit and control testing schedules and follow up on compliance and control effectiveness
• Drive continuous improvement by identifying and introducing more effective and efficient controls and processes
• Collaborate with internal stakeholders and third-party vendors to manage cyber security risks and align with standards and contractual obligations
• Act as an ambassador for cyber security by making complex topics understandable and actionable for employees

• Typically, 5+ years in cyber security in a global enterprise
• Typically, 3+ years in governance, risk management and compliance
• Applicable educational background within GRC and/or information and cyber security (e.g. a university degree or a diploma from a higher vocational education) or equivalent work experience
• Good knowledge of regulatory compliance (preferably in a global market context)
• Good knowledge of cyber security best practices, standards and maturity models (e.g. ISO 27001, ISO 31000, ISO 22301, NIST CSF, C2M2)
• Proven track record in risk management and reporting for global enterprises
• Experience designing, implementing and governing cyber security frameworks
• Experience working with auditors and QSA's in security assessments and certification processes
• Strong communication and collaboration skills in English
• Experience driving security awareness activities and building security culture
• Proven skills in change management

• CISM, CISSP, CCISO or equivalent certification in information and cyber security
• ISO 27001 certification (e.g. Lead Implementor or Lead Auditor)

Selections are made on an ongoing basis, so we recommend that you apply as soon as possible.