GRC Security Specialist
Role Summary:
The ISMS Specialist / GRC Analyst / Information Security Analyst is responsible for supporting, maintaining, and continuously improving the organization’s Information Security Management System (ISMS) in line with international standards (e.g., ISO/IEC 27001 and NIST). The role ensures that information security steering documents and associated controls are implemented, monitored, and effective, and that compliance with regulatory and internal requirements is maintained. The specialist acts as a subject matter expert, providing guidance and support across the organization on GRC (Governance, Risk & Compliance)-related matters.
Key responsibilities:
- Maintain and improve the ISMS framework, policies, directives, and internal standards.
- Coordinate and support internal and external information security assessments.
- Monitor compliance with information security policies and standards.
- Support risk assessments and risk treatment activities within Information Security.
- Monitor and report on Information Security performance metrics.
- Provide training and awareness on ISMS topics.
- Liaise with stakeholders to ensure alignment with business objectives and regulatory requirements.
- Third-party risk assessments and Security assessments internally
Responsibilities and authorities
List of responsibilities and authorities:
- Authorized to access and manage ISMS documentation and records.
- Can recommend and initiate corrective and preventive actions within the ISMS scope.
- May have authority to approve certain ISMS-related changes or exceptions.
- No direct budget or personnel responsibility unless otherwise specified.
- Reports to the Group Information Security Risk & Compliance Manager on ISMS matters.
Key competences:
List of key competences
- In-depth knowledge of ISMS frameworks (especially ISO/IEC 27001 and NIST).
- Strong understanding of information security risk management as well as management systems.
- Analytical and problem-solving skills.
- Effective and easy to understand communication and stakeholder management.
- Project management abilities.
Requirements:
- Education: Bachelor’s degree in computer science, information security or related field.
- Relevant certifications (e.g., ISO/IEC 27001 Lead Implementer/Auditor, CISM)
Languages:
Fluent in English
Computer skills:
Good, Microsoft 365 suite, ServiceNow platform
Other:
Experience:
8+ years in information security or a related field, preferably in a global or enterprise environment.
Personal qualities:
List of personal qualities
- Very Detail-oriented and thorough.
- High integrity and confidentiality.
- Proactive and self-motivated.
- Strong organizational and planning skills.
- Ability to work independently and as part of a team.
We are the ASSA ABLOY Group
Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 63,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces – physical and virtual – safer, more secure, and easier to access.
As an employer, we value results – not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally.
As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences.