AutoStore · 채용 중 21건
Security Risk and Compliance Analyst
Security Risk and Compliance Analyst
애널리스트정규직— · 경력 무관
AutoStore에서 보안 리스크 및 컴플라이언스 분석가를 채용합니다. GRC 및 정보보안 실무 경험이 필수이며, 통제 프레임워크 운영과 감사 대응 능력이 중요합니다. AI 거버넌스 지원 및 보안 인식 교육 프로그램을 주도하며, 다수의 업무를 체계적으로 관리할 수 있는 분을 찾습니다. 노르웨이 내 근무가 가능해야 하며, 유연하고 협력적인 조직 문화를 제공합니다.
The Security Risk and Compliance Analyst is the operational engine of AutoStore's Technology Risk and Compliance function, turning frameworks and policies into working processes, maintaining the evidence base for assurance activities, and keeping the compliance position current and visible. Reporting to the CISO, the role works across IT, Legal, Finance, HR, and Product to ensure regulatory and certification obligations are met, controls are documented and evidenced, and employees understand and act on their security responsibilities.
The Security Risk and Compliance Analyst works closely with the Senior Risk and Compliance Professional (SRCP) on a day-to-day basis, operating within the frameworks and programme structure the SRCP owns, and escalating material issues to the CISO. AI is a growing part of this role, both as a practical tool for working more effectively, and as a subject area that requires operational support across governance, risk assessment, and awareness.
Maintain control documentation, ownership records, and evidence in line with the framework owned by the SRCP, supporting the assurance and testing cycle, coordinating with control owners, and flagging gaps or discrepancies to the SRCP or CISO as appropriate.
Coordinate IT General Controls (ITGC) and Internal Control over Financial Reporting (ICFR) requirements, maintaining documentation of scope, testing schedules, and results, and acting as the primary operational interface for cybersecurity audit activities, tracking findings to closure.
Own the operational management of the risk exception and control deviation process, intake, documentation, approval tracking, expiry management, and escalation of material exceptions to the CISO.
Execute the supplier assurance programme, issuing questionnaires, tracking responses, maintaining the supplier risk register, and escalating gaps to the CISO, ensuring outcomes feed into third-party risk reporting.
Maintain accurate records across all areas of responsibility, compliance register, control evidence, audit findings, exception log, and supplier outcomes, and contribute timely, structured data to the SRCP’s dashboards and reporting outputs.
Proactively flag changes in compliance or assurance status to the SRCP and CISO, and maintain documentation to a standard that supports internal visibility and external audit or regulatory scrutiny.
Support the SRCP in the operational delivery of AutoStore's AI governance programme, maintaining the AI tools register, coordinating risk assessments of AI tools submitted for approval, tracking assessment outcomes, and keeping records current as the AI landscape evolves.
Monitor the AI obligations inventory maintained by the SRCP, flagging where new tool adoptions, regulatory updates, or business changes may affect AutoStore's compliance position under the EU AI Act or related frameworks.
Apply AI-assisted tools across day-to-day GRC work, compliance tracking, evidence management, risk analysis, and reporting, and contribute practical experience of what works to the SRCP’s broader assessment of AI-assisted GRC capabilities.
Lead the design and delivery of AutoStore's security and privacy awareness programme, delivering targeted campaigns (phishing simulations, data handling, access management, AI use, social engineering) in collaboration with HR and Communications, and managing the awareness training platform.
Develop and maintain metrics that measure genuine behavioural change, not just participation, tracking trends in phishing results, training completion, and incident patterns to continuously improve programme targeting and content.
Ensure AI use is a substantive topic within the awareness programme, not a single annual module but an evolving thread that reflects how AI tools are being used across the business, the risks they introduce, and the behaviours AutoStore expects.
Experience in a compliance, GRC, risk, or information security role with hands-on operational delivery responsibilities
Familiarity with control frameworks, including documenting, evidencing, and testing controls, and supporting audit activities
Strong organisational skills, with the ability to manage multiple concurrent workstreams and maintain accurate records
Clear written communication skills, able to translate compliance requirements into plain-language guidance for non-specialists
ISO 27001 Lead Implementer/Auditor certification, or equivalent
Experience delivering security awareness programmes, including phishing simulations
Experience with GRC tooling or security awareness training platforms
Familiarity with AI governance considerations and the compliance and risk implications of AI tool adoption
A Collaborative and Inclusive Culture where we celebrate and value everyone’s contributions, encouraging diverse perspectives in decision-making.
Work-Life Balance & Well-being: We offer 1 hour per week of paid exercise, health insurance, and a generous pension plan, prioritizing your mental and physical well-being.
A Creative and Safe Workplace by joining a company experiencing rapid growth, with the stability of being Norway’s first unicorn listed on the Oslo Stock Exchange.
International and Supportive Environment within a Norwegian multinational that values collaboration and innovation.
Application deadline: July 26th. Please note that we review applications continuously—if this opportunity excites you, we encourage you to apply as early as possible! All inquiries are treated confidentially.
If you are applying from outside of Norway please indicate that you will be relocating to be considered.
AutoStore does not accept agency resumes or assistance for this role. Please do not forward resumes to our job's alias or AutoStore employees. AutoStore is not responsible for any fees related to unsolicited resumes. This policy should be respected.