Orion Corporation | orionpharma.fi

Senior Cybersecurity GRC Specialist

Espoo, Uusimaa, Finland | Turku, Southwest Finland, Finland (Hybrid) | Full-time

Your role

Are you passionate about strengthening cybersecurity governance, risk management, and compliance in a global pharmaceutical company? Join our skilled and collaborative Cybersecurity Team as a Senior Cybersecurity GRC Specialist and play a key role in shaping Orion’s enterprise-wide security posture!

We are looking for an experienced Cybersecurity Governance, Risk & Compliance (GRC) professional to drive and continuously develop our cybersecurity governance, risk management, and compliance practices. This role is critical in ensuring that Orion’s information security is aligned with business objectives, regulatory requirements, and industry best practices.

As a Senior Cybersecurity GRC Specialist, you will take ownership of key GRC processes and work closely with cybersecurity, IT, and business teams, as well as procurement, privacy, and compliance functions. You will collaborate with a broad range of internal and external stakeholders to ensure that security requirements and risk considerations are consistently embedded into business processes, technology initiatives, and third-party relationships. 

This is a full-time position located in Espoo or Turku, and we support a hybrid working model.  

Responsibilities

In this role, you will: 

  • Develop and operate Orion’s cybersecurity risk management process, including risk identification, assessment, treatment, management reporting, metrics, and effectiveness monitoring
  • Manage and continuously improve the security exception process, including reporting
  • Drive compliance activities against relevant cybersecurity frameworks, standards, and regulatory requirements
  • Operate and further develop the Information Security Management System (ISMS)
  • Maintain, update, and improve cybersecurity policies, instructions, and guidelines
  • Coordinate and support security assessments, audits, and control reviews
  • Provide GRC guidance to internal stakeholders to support informed, risk-based decision-making
  • Develop and support cybersecurity training and awareness

What you can expect from us

At Orion, your work creates true impact and well-being for our customers, patients and society at large. Our culture of friendliness, respect, mutual appreciation and diversity creates a safe working environment where you can strive for excellence. We offer a wealth of career paths and development opportunities that support the development of innovative solutions and the improvement of quality of life.

Please visit our website to find further information about our values and Orion as an employer: https://www.orion.fi/en/careers/orion-as-an-employer/

What are we looking for?

To succeed in this role, you have:  

  • Extensive experience in cybersecurity and strong knowledge of security frameworks (e.g. ISO/IEC 27001, NIST)  
  • Proven experience in a cybersecurity GRC role 
  • Relevant cybersecurity certifications (e.g. ISO 27001 Lead Implementer, CISM, CISSP)  
  • Strong hands-on experience in cybersecurity risk management  
  • A strong analytical mindset with a proactive approach to security challenges  
  • Fluency in English; Finnish is considered an advantage  
  • Excellent collaboration and communication skills, a positive can-do attitude, and a strong sense of responsibility

Considered an advantage:  

  • Knowledge of NIS2
  • Understanding of third-party security risk management
  • Experience with security metrics and KPIs

How to apply

Please submit your resume and a brief motivation describing your relevant experience and why you are the best candidate to become our new colleague by 6.4.2026.

For additional details, please contact Ulla Palmila, CISO, at +358 40 338 0081 on Friday 20th of March at 14-15 or Thursday 26th of March at 12-13. 

We typically review applications already during the application period and may start interviewing candidates before the application deadline. Therefore, we invite you to send your application as soon as possible.

An approved medical examination, which also includes drug testing, is required prior to employment. We will also carry out a security clearance for the selected person prior to employment.

Your new team

Information Management (IM) creates digital solutions to build the future. We support Orion Pharma’s business in achieving its strategic targets not only by ensuring the availability and security of IT services but also by constantly looking for new innovations and improvements to match the business needs in terms of business processes, digital, data and AI. Our team is 90+ people strong, located in Espoo, Turku, Hanko, and Mumbai.