Senior GRC Specialist Assurance, Advisory & IT Maturity

Telenor Shared Services (TSS) delivers standardized, business-critical services to Telenor companies across the Nordics and Asia. Our responsibilities span Finance, HR, Enterprise IT, information security, and data governance.

TSS operates in an environment characterized by increasing regulatory requirements, extensive use of SaaS solutions, external vendors, and autonomous delivery teams. This places high demands on practical governance, clear expectations, and demonstrable IT and security maturity in daily operations.

We are strengthening our GRC capability with a senior, hands-on role focused on assurance, structured reviews, and maturity assessments, combined with active advisory support to delivery teams.

The role requires IT and system understanding to verify that defined requirements are met in practice, not to design or review technical architectures or solutions.

This role is for someone who enjoys checking that expectations are actually fulfilled, while also helping teams understand requirements and close identified gaps. It is not a legal role, a policy-authoring role, or a security architecture position.

The Role – What You Will Actually Do

As a Senior GRC Specialist in TSS, your primary responsibility is to ensure that services and delivery teams operate in line with defined security and IT governance requirements.

You will do this through structured reviews and audits, combined with dialogue, guidance, and advisory support before, during, and after assessments. The role requires the ability to understand and verify IT-related documentation and evidence, without responsibility for system design, architecture decisions, or solution development.

Your Main Responsibilities

• Conduct structured reviews and audits of delivery teams, services, and their documentation to verify compliance with Telenor security policies, governing manuals, and defined IT maturity requirements.

• Act as an advisor to delivery and service teams, clarifying expectations, explaining findings, and supporting teams in identifying practical, risk-based remediation actions.

• Review IT system documentation (e.g. architecture overviews, data flows, access descriptions, and control documentation) to confirm that requirements are met, not to evaluate or design technical solutions.

• Assess the quality and completeness of documentation, evidence, and implemented controls.

• Identify gaps, weaknesses, and improvement areas, and ensure they are clearly documented, communicated, and followed up to closure.

• Perform and contribute to risk and maturity assessments across systems, services, and vendors, with a focus on real-world implementation.

• Support teams before, during, and after reviews, ensuring that requirements are understood and that corrective actions are realistic and effective.

• Prepare clear, decision-ready reporting for management on maturity levels, risk exposure, and recurring issues.

• Collaborate closely with Group Security, the Privacy Office, Risk Management, and technical environments to ensure consistent, constructive assurance practices across TSS.

What This Role Is – and Is Not

This role is:

• Operational, hands-on, and close to delivery teams

• Focused on assurance, verification, and maturity assessments

• A role where independent assurance and practical advisory work go hand in hand

• A second-line role requiring IT literacy for verification purposes

This role is not:

• A legal or regulatory interpretation role

• A policy- or framework-authoring role

• A security architecture or solution design role

• A people-management or director-level position

Who We Are Looking For

We are looking for an experienced GRC, IT governance, or technology risk professional who is comfortable verifying compliance, challenging gaps, and advising teams on how requirements are met in practice.

You enjoy:

• Assessing maturity against clear, predefined expectations

• Reviewing documentation and evidence with a critical eye

• Following up findings until they are resolved

• Working closely with technical and operational teams — without owning their designs

Qualifications

• Minimum 5 years of relevant experience within IT governance, security GRC, technology risk, internal audit, or similar roles.

• Hands-on experience performing reviews, audits, or assessments of IT services, systems, or teams.

• Ability to understand IT systems and technical documentation well enough to verify compliance with defined requirements and controls, without responsibility for architecture or solution design.

• Experience working with risk registers, control assessments, or assurance tools.

• Strong written and verbal communication skills in English.

Required Information

• Application deadline: 06.04.2026

• Work location: Lisbon

• Work model: Hybrid

• Contact person: Thomas Gudmundsen, Head of Information Security, [email protected] (+47 470 15 652)

• Background check: We conduct background checks via SEMAC AS for final candidates.

• Security authorization: For this role, we do a Security Authorization, that will take place at the Norwegian Embassy.

Telenor Shared Services (TSS) is Telenor Group’s Business Support organization, delivering secure, efficient and business-critical systems, services and support to Telenor entities and employees across the globe. Our core offerings span Finance & Procurement, HR, and Enterprise IT, and are powered by over 500 highly skilled professionals located in the Nordics, Pakistan, and Portugal.

By leveraging automation, AI, cross-unit collaboration, and new technologies, we enable simplification, reliability, and high user satisfaction. Our mission is to empower Telenor Group as a whole to focus on its core business, while we deliver the backbone of operational excellence.