Position: Cybersecurity GRC Consultant

Cybersecurity GRC Consultant
 
Contract period: 09.02.2026 - 29.01.2027
Location: Oslo, Stavanger

Main tasks:

• Cybersecurity governance
• Maintain, develop and mature Company’s cybersecurity governance framework, policies and standards
• Ensure alignment with internal risk frameworks and enterprise governance models
• Translate strategy and regulatory requirements into practical, implementable controls
• Risk management
• Facilitate and perform cybersecurity risk assessments across IT, OT and digital initiatives
• Support threat  and risk based decision making for projects, suppliers and operations
• Track risk treatment plans, risk acceptance and management actions
• Compliance and assurance
• Support compliance with relevant laws, regulations and industry standards (e.g. NIS2, ISO/IEC 27001, IEC 62443)
• Plan and execute internal cybersecurity assessments 
• Contribute to management reporting and leadership decision support
• Advisory and collaboration
• Act as a trusted cybersecurity advisor for projects, product teams and business units
• Collaborate with IT, OT, architecture, procurement and vendor management
• Contribute to secure by design and risk based ways of working
• Awareness and capability building
• Support development of cybersecurity guidance, training and awareness initiatives
• Help build a strong risk culture where cybersecurity is understood in the business units

Qualifications:

• Relevant education within cybersecurity, IT, engineering or a related field
• Practical experience with cybersecurity governance, risk management and compliance
• Solid understanding of cybersecurity principles across IT and preferably OT environments
• Experience working with standards such as ISO 27001, NIST, CIS or IEC 62443
• Solid understanding of AI, automation and emerging technologies’ effect on Cyber security risk, IT&OT operations, and on data driven technology used for decision support
• Experience from energy, oil & gas, industrial or other complex operational environments
• Familiarity with regulatory requirements such as NIS2 or critical infrastructure legislation
• Experience with third party risk management or supplier assurance
• Certification(s) such as CISM, CISSP, CRISC, ISO 27001 LA/LI (nice to have, not required)
• Structured, pragmatic and risk based in your approach
• Comfortable working independently while collaborating across disciplines
• Able to challenge constructively and influence without formal authority
• Motivated by improving real world security—not just documentation

With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.