VP Risk Management & Global Data Protection Officer

Hurtigruten has operated in international tourism since its establishment in 1893. The combination of local transport and tourism with its 11 ships in year-round route along the Norwegian coast creates today authentic experiences for guests from all over the world. The explorer ships MS Fram, MS Spitsbergen, MS Midnatsol and MS Roald Amundsen sailing Hurtigruten the world's most coveted polar destinations like Spitsbergen, Greenland and Antarctica. Hurtigruten also operates hotels and arctic adventure activities on Spitsbergen through Hurtigruten Svalbard AS and on Kirkenes trough Hurtigruten Barents AS.

The Group Centre is located in Tromsø, but the company also has offices in Kirkenes, Oslo, London, Hamburg, Paris, Tallinn, Seattle and Hong Kong. Hurtigruten is one of Norway's strongest brands, and is a spearhead in Norwegian and international tourism. 

As VP Risk Management and Global DPO you will be responsible for the overall Group's risk management policies, risk models, processes and internal audit function and responsible for planning and conducting operational, financial and compliance audits to evaluate the effectiveness of internal controls and organizational risk.

The work will include managing audits including evaluating internal controls, performing and documenting audit test work together with third party audit teams, communicating audit issues to management, writing audit reports, identifying and evaluating emerging areas of organizational risk.  

As designated DPO your role will be to ensure that the Group processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

The VP of Risk Management and Global DPO must have excellent quantitative and analytical skills, along with the ability to apply those skills across a variety of business processes. The position is a key resource for the group and will report to the CFO.

As VP of Risk Management and Global DPO you will work closely with other departments within the Group.

Duties and responsibilities

  • Designing and implementing an overall risk management process for the organization, which includes an analysis of the financial impact on the company when risks occur
  • Provide risk management and internal control leadership and support regarding effective operating and designed controls, risk mitigation strategies and overall compliance with Hurtigruten’s policies and procedures
  • Manage and review all test work, including the internal control environment and promoting continuous enhancements and improvement of financial and operational controls, processes and system capabilities
  • Establish and maintain key relationships throughout the organization as a means of obtaining information needed to perform functional duties, provide business advisory service and to provide strategic recommendations
  • Risk reporting tailored to the relevant audience. (Educating the Group management team about the most significant risks to the business; ensuring business heads understand the risks that might affect their departments; ensuring individuals understand their own accountability for individual risks)
  • Maintain and develop relationship with 3rd party providers of internal audit and risk management services
  • Responsible for setting up processes that ensure that the data protection rules are respected in cooperation with the data protection authority (for the EU institutions and bodies, this is the EDPS). In the EU institution and bodies, the DPO must: Cooperate with the EDPS (responding to his requests about investigations, complaint handling, inspections conducted by the EDPS, etc.)
  • Draw the institution's attention to any failure to comply with the applicable data protection rules.


  • Master’s degree within accounting, law or finance other relevant degree with strong academic results
  • 7 years’ relevant work experience within audit, risk management or law practice
  • Strong risk governance and management experience with expertise in enterprise risk management framework and processes including ISO 31000
  • Experience with GDPR compliance
  • Strong analytical skills
  • Fluent in English, spoken and written 

Personal qualities

  • Highly structured
  • Strong analytical and modelling skills
  • Excellent communication skills
  • Ability to work under pressure to meet deadlines
  • Independent and proactive working style, but still a dedicated team player
  • You live our values: We care, We explore, We empower & We inspire.

We can offer

  • An exciting job with one of the strongest brands within expedition tourism
  • The chance to work in one of the world’s most exciting and dynamic industries
  • The opportunity to deliver new builds with groundbreaking technology and design
  • Working with highly skilled and dedicated colleagues, both in the office and at sea
  • Competitive conditions
  • Fantastic rates to travel to some of the most exciting places on the planet


Go to https://www.hurtigruten.no/om-oss/jobb-i-hurtigruten/ledige-stillinger-i-hurtigruten/ to apply for this job. 

Application deadline is as soon as possible.