Security Risk and Compliance Specialist

Do you want a leading role in securing the maritime industry?

 

“In Wilhelmsen you will take the lead in our security transformation”

 

To reach our security ambitions, we are looking for a Security Risk and Compliance Specialist who will take the leading role in our security journey. The position will be part of the Wilhelmsen Ships Service (WSS) Cyber Security team and report directly to the Head of Cyber Security. We can offer a wide array of security challenges and tasks, and you will get to apply your trade in a very flat, unbureaucratic structure that allows for quick decision-making.

 

“The advantage of working in the WSS Cyber Security team is the opportunity to shape your work and use your skills and talent to take the lead in the company’s security transformation. We can offer a wide variation of security challenges and the opportunity to work with modern tools and technology” - Milan Stojkovic, Head of Cyber Security in Wilhelmsen Ships Service.

 

 

What you will be doing: 

You will be responsible for enhancing and performing assessments within our GRC strategy and compliance frameworks to maintain the highest levels of security, integrity, and transparency across WSS. You will operationalize and mature the GRC tool, document associated business processes, perform risk and compliance assessments, and establish best practices based on legal and regulatory requirements. This role will collaborate with process owners, internal/external auditors, and other stakeholders to help review, monitor, and resolve findings.


The responsibilities may include:  

  • Assist in the development and implementation of the GRC framework aligned with industry best practices and regulatory requirements. 
  • Assist in conducting risk assessments, identifying potential threats and vulnerabilities, and supporting the development of risk mitigation strategies. 
  • Support ongoing compliance monitoring activities to ensure adherence to internal policies, relevant regulations, standards, and contractual obligations. Develop reporting metrics, dashboards, and evidence artifacts.
  • Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings. 
  • Support, develop, and configure GRC system services and improvements. Schedule regular assessments and testing of the effectiveness and efficiency of controls.
  • Assist in evaluating and managing risks associated with third-party vendors and service providers. Review and incorporate security into third-party agreements. 
  • Assist the department in closing sales opportunities and responding to inquiries from customers about ongoing operational compliance (security questionnaires).
  • Participate in the review, development, and maintenance of security policies, standards, and procedures to ensure compliance with regulatory mandates and industry standards. 
  • Perform other related duties as assigned. 


What we are looking for 

Someone with a bachelor’s degree in information cybersecurity, risk management, governance, or a related field, and 3+ years of experience in the GRC domain. Relevant experience may be considered in lieu of education. Other qualifications include:

  • Strong understanding of GRC concepts, principles, and practices 
  • Familiarity with relevant regulations, standards, and frameworks (e.g., ISO 27001, SOC 2, NIST, NIS2, CMMC, GDPR, etc.)
  • Experience managing GRC functions using a GRC tool or platform (e.g., Hyperproof, OneTrust, Drata, Secureframe, etc.) 
  • Proven track record of organizing and carrying out several risk and compliance projects 
  • Ability to successfully manage third-party audits, compile evidence, and organize audit responses 
  • Security certifications related to job functions (e.g., ISO 27001 Lead Implementer/Auditor, CISA, CISM, or CISSP), or working toward certification


What we offer 

Working in Wilhelmsen can offer a culture and work environment of strong leadership, career development, work-life balance and a job that is both challenging and stimulating. Our organization thrives by using modern tools and is eager to utilize the business opportunities that come with new digital tools and skills. Beyond this, we have benefits that include, but are not limited to:

  • Flexible working arrangements 
  • Unique pension plan with attractive employer contribution
  • Company cabins (Norway, Sweden, Denmark, Germany, Portugal, and Spain)
  • Social events year round (wine tastings, cooking classes, yoga, dance, and rock-climbing lessons etc.)
  • Sports club membership that includes sporting and cultural activities (group training in our gymnasium, sailing, theatre, and concert tickets etc.) 
  • Shopping discounts 

 

Applications will be reviewed on a rolling basis.