Cyber Risk & Compliance Manager

Volue ASA

Trondheim

Hybrid

NOK 400,000 - 600,000

Full time

5 days ago

Job summary

A leading green tech company is seeking a Cyber Risk & Compliance Manager to lead security governance and risk initiatives. Responsibilities include maintaining ISO 27001 compliance, managing SOC 2 readiness, and developing risk metrics. The ideal candidate will have over 5 years of experience in GRC roles and knowledge of EU cybersecurity regulations. A flexible work environment and a supportive company culture are offered.

Benefits

Competitive compensation package
Flexible work environment
Inclusive team culture

Qualifications

  • 5+ years’ experience in information security governance, risk, and compliance roles.
  • Demonstrable experience maintaining or auditing ISO 27001 management systems.
  • Strong knowledge of EU cybersecurity regulations.

Responsibilities

  • Maintain and expand ISO 27001:2022 ISMS for compliance.
  • Coordinate SOC 2 readiness across business units.
  • Produce risk and compliance metrics and reports.

Skills

Information security governance
Risk management frameworks
Compliance automation platforms
Documentation skills

Education

Professional certifications (e.g. CISM, CISA, ISO 27001 Lead Implementer/Auditor)

Tools

Vanta
NIST RMF

Job description

At Volue, we provide innovative software and services critical to society, empowering the shift to a cleaner, more profitable, and more sustainable energy future. As a leading European technology provider, we help energy companies optimise operations, drive efficiency, and embrace the opportunities of the green transition.

Your Opportunity to Shape the Future

We’re now looking for a Cyber Risk & Compliance Manager, a pivotal role leading our security governance and risk initiatives across a dynamic organisation.

What you will be doing to make a difference:

As our Cyber Risk & Compliance Manager, you’ll be at the heart of Volue’s security strategy. You’ll:

  • Maintain and expand Volue’s ISO 27001:2022 ISMS, ensuring ongoing compliance, audit readiness, and evidence collection.
  • Coordinate and manage SOC 2 readiness across multiple business units, including control mapping, gap analysis, and audit support.
  • Track and interpret NIS2 requirements across EU jurisdictions; integrate new obligations into Volue’s security programme.
  • Own and administer Vanta as the central GRC automation platform.
  • Develop, maintain, and report on a unified information security risk register, using standardised risk scoring.
  • Prepare and coordinate internal and external audits, including ISO surveillance and SOC 2 assessments.
  • Produce risk and compliance metrics, dashboards, and executive reports for leadership.
  • Support M&A security due diligence and post-integration control alignment.
  • Collaborate with IT, Legal, and Operations teams to embed compliance controls across business processes.
  • Drive continuous improvement of security governance and risk maturity.
  • Configure and maintain integrations across IT environments.
  • Validate automated evidence and ensure audit completeness.
  • Align automated controls with Volue’s central risk register.

What you need to succeed

Essential qualifications:

  • 5+ years’ experience in information security governance, risk, and compliance (GRC) or related roles.
  • Demonstrable experience maintaining or auditing ISO 27001 management systems (preferably 2022 version).
  • Proven involvement in SOC 2 readiness or certification projects.
  • Solid understanding of NIS2 Directive and other EU cybersecurity regulations.
  • Hands‑on experience with GRC or compliance automation platforms (e.g. Vanta, Drata, Tugboat Logic).
  • Strong knowledge of risk management frameworks (ISO 31000, NIST RMF, or equivalent).
  • Excellent documentation, coordination, and audit‑preparation skills.
  • Ability to translate technical controls into business‑level risk and compliance outcomes.

Preferred qualifications

  • Background in information security, IT audit, or risk management within SaaS or regulated industries.
  • Experience integrating compliance for multi‑entity or multinational organisations.
  • Professional certifications (e.g. CISM, CISA, ISO 27001 Lead Implementer/Auditor).

Reasons to join the Volue team and what we offer:

  • Great colleagues in one of Europe’s most exciting green tech companies, with an innovative and international work environment.
  • Flexible work environment with a competitive compensation package.
  • Supportive Culture: work in a diverse and inclusive team where your voice is heard and your contributions matter.
  • Flat, people‑first organisation that fosters innovation and shared success.

We are looking to hire for the Volue office in Oslo or Trondheim, but will be ready to consider other locations for the right candidate.

In Volue, we cherish each employee’s competence, ideas and personality. Let your skills and talent be a part of our team – and let us leave our mark on the world together!

Company Culture

In Volue, we believe that in order to be a successful company, we need to bring everyone to the table.

We look at diversity as a competitive advantage. A diverse workforce enables better decision‑making and creates more value. By inclusion, we refer to the sense of belonging and being part of a community at work. We want the people of Volue to feel welcome, valued and not least encouraged to bring their whole, unique selves to work.

Volue is about people. From staff to client, people are at the center of all our operations, and we always strive for a flat structure where everyone feels included, appreciated and recognized for their individual efforts. Or as we call it "ONE Volue". We hire talented individuals, regardless of gender, race, ethnicity, ancestry, age, disability, sexual orientation, gender identity or expression, cultural background or religious beliefs.
