Security GRC Analyst

• Maintain and update core security documentation, including policies, procedures, and instructions, ensuring they remain current and relevant
• Identify, collect, and analyse data to track key security performance indicators (KPIs) and metrics, generating reports and dashboards to communicate security performance to stakeholders
• Maintain the risk register and support daily risk management activities with growing independence
• Follow up on the remediation of risks identified in new projects, third-party engagements, and other business initiatives
• Conduct thorough security posture assessments of new vendors and perform periodic reviews of existing ones
• Support our 3rd party procurement process
• Monitor the implementation and effectiveness of security controls across the organisation
• Coordinate and support activities to maintain key security certifications, including PCI-DSS and ISO 27001
• Coordinate and support the implementation of remediation plans to address identified compliance gaps
• Provide support in responding to security-related questions during partner due diligence and assist in providing necessary information for cyber insurance renewals
• Coordinate and support internal audits by providing requested information and addressing audit findings
• Develop and implement tailored security training and awareness programs for different roles, complementing existing initiatives
• Contribute to the development and implementation of the Digital Operational Resilience Strategy
• Understand the business context behind the team's work and make decisions aligned with overall team and company objectives

• 2 to 4 years of experience in information security governance, risk, or compliance roles
• Demonstrated experience with compliance frameworks and regulations (e.g., PCI DSS, ISO 27001, GDPR, PSD2, EBA outsourcing and DORA)
• Degree in Cybersecurity or Information Systems or similar
• Knowledge of security frameworks (e.g., CIS Controls, NIST CSF)
• Solid understanding of risk assessment methodologies and hands-on experience with risk registers and third-party risk management
• Experience in coordinating activities for security certifications and audits
• Ability to develop and track security metrics (KPIs)
• Strong analytical, problem-solving, and organisational skills
• Excellent communication skills, comfortable presenting to various stakeholders
• A proactive and independent worker who is also a strong team player

Experience in the financial services or fintech industry is a plus

• Work hybrid
• Meet all Junis IRL at the company onsite each year
• Diversity is at our core
• Progress your career whether you choose to manage people or not
• Stock options
• Vacation 30 days
• Private Health insurance
• Beautiful offices in central Gothenburg and Stockholm, front row sea view