Norges Bank Investment Management has a strategic ambition to strengthen our cyber-defenses significantly over the next few years. To achieve this goal, we need true cyber-security specialists to join and strengthen the Information Security Risk team. The team is a 2nd line function working for the Chief Governance and Compliance Officer who reports directly to the CEO, but also independently to the Executive Board. We are a dedicated specialist team in the Operational Risk and Control group who manage, advise, train, and report on the operational risks in the fund, whereby cyber-security is considered a significant risk.
The fund has invested in more than 9000 companies, partnered with around 80 external fund managers and rely on more than 1000 providers where the majority is delivering IT services. Simply put we place a great deal of control into our vendors’ hands. Protecting the confidentiality, integrity and availability of our information, regardless of whether it is handled by us or third parties, is paramount to our organisation and the mission we are tasked to execute. With our cloud-first strategy, we believe that dependencies on third parties will expand even further and require us to challenge and rethink how we manage cyber-security risks. Therefore, we seek for a person who can take the lead in this field.
What you will do
Your role will be to primarily lead the continuous development of our framework for third-party risk management (TPRM) and guide implementation of the framework in the organisation. Close collaboration with the business and operational security teams, as well as the specialist business continuity team, is essential. You will also be closely involved in other activities the team is covering such as security assessments, control reviews and training of our employees.
- Further developing the framework for third party risk management to identify, monitor and manage risk for providers and partners during their life-cycle. This includes use of security rating services and other security tools.
- Overseeing implementation and adherence of the framework in the organisation by working closely with the vendor management, IT area, procurement, legal and external fund management teams.
- Advising the organisation on how to handle third party risks they own.
- Performing security risk assessments of providers and their solutions.
- Contribute to quarterly and annual reporting to the board on third party risks.
- Maintaining and communicating cyber-security requirements and expectations to our third parties and ensuring key requirements are included as part of the contract.
- Assisting the team in our efforts to manage all cyber-security risks and provide advice and training to our personnel including the senior management group.
What do you need
- Master’s degree either in information security, computer sciences or engineering, with excellent academic records. Other fields could also be of interest.
- A genuine interest in cyber-security; including but not limited to a comprehensive overview of threats, vulnerabilities, controls and best practices within the space.
- Technical knowledge for building and utilising tools to assist in improving our cyber security offering.
- Experience from the financial industry is an advantage.
Who you are
- Someone who likes to take ownership of issues and have a structured problem-solving mindset.
- Analytical creativity and intellectual curiosity with a strong attention to detail.
- Proactive and self-driven work style and a good team player.
- International mindset with an eagerness to learn.
- Strong stakeholder management both internally and externally at a global level.
- Comfortable with ambiguity.
- High level of integrity with an ability to learn and an ambition to excel.
- Ability to communicate with all levels of the organization and exhibit a high level of proficiency in written and spoken English and Norwegian.
What we offer
Norges Bank Investment Management offers a rewarding, international fast-paced working environment, and the opportunity to play a role in safeguarding and building financial wealth for future generations as part of one of the world’s largest funds. Norges Bank Investment Management has a performance culture that values the contribution of every individual and focuses on professional growth.
Our core values of excellence, innovation, integrity and team spirit underpin our culture and how we operate across all our offices. We collaborate and share information within our organisation which consists of 37 nationalities. English is our common working language. Our organisation is grounded in trust, high ethical standards, a flat hierarchy and diversity. We aim to increase the share of women to exceed or match the industry average across all functions.
Norges Bank Investment Management is committed to ensuring Equal Opportunities for all employees.
- Competitive base salary offered
- Comprehensive Insurance Plan
- Home and Consumer Loan
- Inhouse Gym and Squash
- Access to holiday facilities in Norway and aboard
- Support to take necessary courses and certifications to keep up with the technology
The position will be in Oslo and some travel is necessary.
If you have questions related to the position, you are welcome to contact Partner Johannes Westersø in Capus on 95 17 91 69, Partner Jonas Rambæk on 93 24 21 33, on or Adviser Anders Kihle on 97 76 78 16. To be considered for the position, you must apply via the link “Søk her”. You must then fill in a short form with personal details, as well as upload the application and CV.
Norges Bank Investment Management manages the Government Pension Fund Global, best known as the Petroleum Fund. We manage assets worth more than NOK 10,000 billion. The fund is invested in international equities, real estate and fixed income.
The purpose of the Petroleum Fund is to ensure responsible and long-term management of the revenues from Norway´s oil and gas resources so that both current and future generations can take part in the wealth.
The goal for the management of the fund is to achieve the highest possible return by taking moderate risk. This shall be excercised in a safe, efficient, responsible and transparent manner and within the mandate set by the Ministry of Finance.