Autosøk

Security Risk \& Compliance Analyst

AutoStore AS

0283 Oslo

Job Description

Security Risk & Compliance Analyst

The Security Risk and Compliance Analyst is the operational engine of AutoStore's Technology Risk and Compliance function, turning frameworks and policies into working processes, maintaining the evidence base for assurance activities, and keeping the compliance position current and visible.

Control Assurance and Audit

  • Maintain control documentation, ownership records, and evidence in line with the framework owned by the SRCP.
  • Coordinate IT General Controls (ITGC) and Internal Control over Financial Reporting (ICFR) requirements.
  • Own the operational management of the risk exception and control deviation process.

Third Party Assurance & Reporting

  • Execute the supplier assurance programme, issuing questionnaires, tracking responses, and maintaining the supplier risk register.
  • Maintain accurate records across all areas of responsibility and contribute timely, structured data to dashboards.

AI Governance and Support

  • Support the SRCP in the operational delivery of AutoStore's AI governance programme.
  • Monitor the AI obligations inventory and flag where new tool adoptions or regulatory updates may affect compliance.

Security Education & Awareness

  • Lead the design and delivery of AutoStore's security and privacy awareness programme.
  • Develop and maintain metrics that measure genuine behavioural change.

Requirements

  • Experience in a compliance, GRC, risk, or information security role with hands-on operational delivery responsibilities.
  • Familiarity with control frameworks, including documenting, evidencing, and testing controls, and supporting audit activities.
  • Strong organisational skills, with the ability to manage multiple concurrent workstreams and maintain accurate records.
  • Clear written communication skills, able to translate compliance requirements into plain-language guidance for non-specialists.
  • Desirable: ISO 27001 Lead Implementer/Auditor certification or equivalent.
  • Desirable: Experience delivering security awareness programmes or familiarity with AI governance considerations.

Skills

GRC (Governance, Risk, and Compliance)Information SecurityControl Frameworks (ISO 27001)Audit Coordination (ITGC/ICFR)Risk AssessmentAI GovernanceSecurity Awareness TrainingData Documentation

Experience

mid-level

Similar Jobs