The Security Risk and Compliance Analyst is the operational engine of AutoStore's Technology Risk and Compliance function, turning frameworks and policies into working processes, maintaining the evidence base for assurance activities, and keeping the compliance position current and visible. Reporting to the CISO, the role works across IT, Legal, Finance, HR, and Product to ensure regulatory and certification obligations are met, controls are documented and evidenced, and employees understand and act on their security responsibilities.
The Security Risk and Compliance Analyst works closely with the Senior Risk and Compliance Professional (SRCP) on a day-to-day basis, operating within the frameworks and programme structure the SRCP owns, and escalating material issues to the CISO. AI is a growing part of this role, both as a practical tool for working more effectively, and as a subject area that requires operational support across governance, risk assessment, and awareness.
Control Assurance and Audit
Maintain control documentation, ownership records, and evidence in line with the framework owned by the SRCP, supporting the assurance and testing cycle, coordinating with control owners, and flagging gaps or discrepancies to the SRCP or CISO as appropriate.
Coordinate IT General Controls (ITGC) and Internal Control over Financial Reporting (ICFR) requirements, maintaining documentation of scope, testing schedules, and results, and acting as the primary operational interface for cybersecurity audit activities, tracking findings to closure.
Own the operational management of the risk exception and control deviation process: intake, documentation, approval tracking, expiry management, and escalation of material exceptions to the CISO.
Third Party Assurance & Reporting
Execute the supplier assurance programme, issuing questionnaires, tracking responses, maintaining the supplier risk register, and escalating gaps to the CISO, ensuring outcomes feed into third-party risk reporting.
Maintain accurate records across all areas of responsibility, compliance register, control evidence, audit findings, exception log, and supplier outcomes, and contribute timely, structured data to the SRCP’s dashboards and reporting outputs.
Proactively flag changes in compliance or assurance status to the SRCP and CISO, and maintain documentation to a standard that supports internal visibility and external audit or regulatory scrutiny.
AI Governance and Support
Support the SRCP in the operational delivery of AutoStore's AI governance programme, maintaining the AI tools register, coordinating risk assessments of AI tools submitted for approval, tracking assessment outcomes, and keeping records current as the AI landscape evolves.
Monitor the AI obligations inventory maintained by the SRCP, flagging where new tool adoptions, regulatory updates, or business changes may affect AutoStore's compliance position under the EU AI Act or related frameworks.
Apply AI-assisted tools across day-to-day GRC work, compliance tracking, evidence management, risk analysis, and reporting, and contribute practical experience of what works to the SRCP’s broader assessment of AI-assisted GRC capabilities.
Security Education & Awareness
Lead the design and delivery of AutoStore's security and privacy awareness programme, delivering targeted campaigns (phishing simulations, data handling, access management, AI use, social engineering) in collaboration with HR and Communications, and managing the awareness training platform.
Develop and maintain metrics that measure genuine behavioural change, not just participation, tracking trends in phishing results, training completion, and incident patterns to continuously improve programme targeting and content.
Ensure AI use is a substantive topic within the awareness programme, not a single annual module but an evolving thread that reflects how AI tools are being used across the business, the risks they introduce, and the behaviours AutoStore expects.
Key Qualifications
Essential
Experience in a compliance, GRC, risk, or information security role with hands-on operational delivery responsibilities
Familiarity with control frameworks, including documenting, evidencing, and testing controls, and supporting audit activities
Strong organisational skills, with the ability to manage multiple concurrent workstreams and maintain accurate records
Clear written communication skills, able to translate compliance requirements into plain-language guidance for non-specialists
Desirable
ISO 27001 Lead Implementer/Auditor certification, or equivalent
Experience delivering security awareness programmes, including phishing simulations
Experience with GRC tooling or security awareness training platforms
Familiarity with AI governance considerations and the compliance and risk implications of AI tool adoption
We Offer:
A Collaborative and Inclusive Culture where we celebrate and value everyone’s contributions, encouraging diverse perspectives in decision-making.
Work-Life Balance & Well-being: We offer 1 hour per week of paid exercise, health insurance, and a generous pension plan, prioritizing your mental and physical well-being.
A Creative and Safe Workplace by joining a company experiencing rapid growth, with the stability of being Norway’s first unicorn listed on the Oslo Stock Exchange.
International and Supportive Environment within a Norwegian multinational that values collaboration and innovation.
The location for this role is Oslo, Stavanger, or our headquarters in Nedre Vats.
Application deadline: July 26th. Please note that we review applications continuously—if this opportunity excites you, we encourage you to apply as early as possible! All inquiries are treated confidentially.
If you are applying from outside of Norway please indicate that you will be relocating to be considered.
AutoStore does not accept agency resumes or assistance for this role. Please do not forward resumes to our job's alias or AutoStore employees. AutoStore is not responsible for any fees related to unsolicited resumes. This policy should be respected.

AutoStore™ holds a simple yet powerful vision: to store and move things for everyone, everywhere. Founded in Norway, we've grown into a global technology company. AutoStore uses advanced software to automate and orchestrate order fulfillment. Our goal is to ensure orders arrive faster than ever, with minimal environmental impact. That’s how we help brands exceed customer expectations.
We have more than 1600 systems in nearly 60 countries, and we grow continuously as a community of employees, partners, customers, suppliers, and connected technologies. Automation should make life easier, and by listening carefully to our community, we innovate to meet the industry’s most complex needs. With AutoStore™, brands gain speed, efficiency, and improved workplaces. And much more floor space.
AutoStore – moving things forward.