Cyber Security Specialist - Governance, Risk and Compliance
Oslo, 03, NO, 0283
Norsk Hydro
Hydro is a leading aluminium and renewable energy company that builds businesses and partnerships for a more sustainable future. We have 33,000 employees in more than 140 locations and 40 countries.
Are you excited about ensuring the security of critical IT/OT systems? Do you thrive in a dynamic environment with a background in IT, OT, and risk management? If so, we have an exciting opportunity for you to join our team as a Cyber Security Specialist focusing on Governance, Risk and Compliance (GRC). Join our Cyber Security team in Hydro Aluminum Metal, where you will learn, grow, and make a significant impact on the security and resilience of our critical systems. We offer a welcoming work environment that promotes professional development and growth.
Why us?
At Hydro, we are committed to safeguarding our critical systems and making a significant impact on the security and resilience of our organization. As a Cyber Security Specialist GRC you will play an important role in developing, implementing, and managing governance, risk, and compliance frameworks tailored to the unique challenges of IT and OT systems in Hydro Aluminum Metal. This role requires a blend of strategic oversight, technical expertise, and understanding of regulatory environments impacting operational and information technology.
Your role:
- Improve and develop business area governance, including its structure, and ensure proper handling of changes.
- Facilitate a governance board for approval of changes with key stakeholders such as asset owners, BISO and IT director.
- Ensure alignment of business area governance with Hydro global governance, external requirements (NIS2, TISAX) and standards (CIS, IEC 62443) relevant to IT/OT environment.
- Support the business area in implementing governance, and act as a coordinator between cross-functional teams if needed.
- Have a close dialogue with owners of governance, e.g. CISO, BISO etc.
- Support the business in meeting governance and external requirements such as NIS2 and TISAX, while raising awareness and promoting a culture of compliance.
- Contribute to continuous improvement of the risk methodology.
- Facilitate and conduct risk assessment workshops at the plants for IT/OT systems supporting critical processes in close cooperation with the asset owners and the SMEs.
- Support the asset owners to understand the identified risks and build mitigation strategies in collaboration with solution architects.
- Be a part of the risk and compliance network in Hydro.
- Support audits and ensure timely resolution of findings, monitor and report on compliance status and provide recommendations for continuous improvements.
- Serve as a subject matter expert on the intersection of IT and OT, advising stakeholders on security best practices and risk management.
- Stay updated on emerging threats, regulatory changes, and best practices in GRC for IT/OT environments.
Personal characteristics to enjoy the role:
- Effective communicator: Strong analytical and communication skills with the ability to influence diverse stakeholders.
- Driven: Thrive in a diverse and fast-paced environment, driving continuous improvement of GRC.
- Team player: Collaborate with stakeholders at all levels of the organization to achieve shared goals.
- Learner: Stay updated on the latest trends and developments in IT/OT through own learning, conferences, and courses.
- Dedicated: Committed to achieving results, prioritizing tasks, and meeting deadlines.
- Ethical and professional: Maintain confidentiality and integrity when handling sensitive information.
- Travel: Willingness to travel to our smelters in Norway and recyclers in Europe and US.
Preferred competencies:
- B.Sc. in computer science, cyber security, IT, cybernetics, or related fields.
- Proven experience in IT/OT governance, risk, and compliance.
- Practical understanding of OT environments, including SCADA, ICS, and their integration with IT systems.
- Familiarity with regulatory frameworks and standards (e.g., IEC 62443, CIS).
- Relevant certifications are considered a plus.
- Knowledge of ServiceNow IRM is desirable.
Work location:
Head office in Oslo or all our aluminum plants in Norway.
Deadline: 05.01.2025.
Additional Information
Please enclose a cover letter and copies of relevant academic transcripts, diplomas, certificates etc. Only applications received through our online system will be considered, not via e-mail. As part of our recruitment process, we use Semac for background checks.