Cyber Risk Management Specialist
Göteborg, PolskaKey offer highlights
Full-time
Legal: contracts / compliance / GDPR
Description
We are now looking for a Cyber Risk Management Specialist to help us turn cybersecurity insight into clear, actionable risk understanding. This is a role for someone who enjoys working at the intersection of cyber threats, business impact, governance, controls, and stakeholder collaboration.
Nice to have
Experience with quantitative risk methods (or strong interest in developing in this area).
Experience with GRC or risk management tools and platforms.
Certifications such as CISSP, CISM, CRISC, ISO/IEC 27001, FAIR, or similar.
Background in security advisory, compliance, internal control, assurance, or audit.
We believe you bring
Solid understanding of cybersecurity fundamentals and how domains connect (threats, vulnerabilities, controls).
Experience supporting or performing cyber risk assessments and turning findings into clear, business-relevant risk statements.
Working knowledge of risk management concepts and common security standards or frameworks (GRC, information security).
Strong communication and facilitation skills in English, with the ability to work effectively with both technical and non-technical stakeholders.
Structured and proactive way of working: able to plan, document, and drive work forward in cross-functional settings.
Ability to assess control effectiveness and maturity, and translate findings into practical improvement actions.
What you will do
Facilitate and perform cyber risk assessments across technologies, services, and organizational contexts.
Turn technical and business inputs into clear, business-relevant risk statements.
Support qualitative and quantitative risk analysis, including likelihood, impact, exposure, and control effectiveness.
Evaluate security controls from technical safeguards to governance processes.
Assess control maturity and recommend practical improvement actions.
Support methods, templates, and tools, and facilitate workshops with technical and non-technical stakeholders.