Join us in this role where you’ll be keeping our operations cyber secure. You will be facilitating the rollout of the Information Security Management system across the region, initiating improvements of the system, and reporting from the system. This also includes ensuring that the implemented ISMS controls fulfil organisational and country-specific legal requirements where ISMS is implemented.

Welcome to Oprations Engineering
You’ll be part of Operational Engineering where you, together with your colleagues, will ensure the best possible handling and improvement of cybersecurity and ensure compliance towards applicable country-specific legal requirements where ISMS is implemented. You’ll secure the lowest possible operating costs and consistently deliver high-quality results at the right time.

You’ll play an important role in:

• developing a roadmap for implementation of ISMS at existing and new sites in the region
• maintaining and improving the cybersecurity risk register, including conducting risk identification and follow-up workshops with relevant parties, in coordination with global ISMS managers
• facilitating and supporting regional initiatives on continuous improvement of ISMS, including instructions, controls, reports, training, or other work related to ISMS
• ensuring development and roll-out of training to all involved functions as well as supporting relevant teams in the implementation of ISMS requirements
• planning audits (internal and external), including following up on findings
• establishing, conducting, and following up on regional management reviews in accordance with requirements in ISMS.

To succeed in the role, you:

• hold a degree in Information Security, Cybersecurity, Computer Science, or a related field
• possess relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
• bring prior experience working in the energy sector, particularly in a regulated environment such as utilities, renewable energy, or oil and gas
• exhibit a strong understanding of the NIST Cybersecurity Framework (CSF) and other relevant cybersecurity standards and frameworks (e.g., ISO 27001, COBIT, CIS Controls)
• be proficient in risk assessment methodologies, security controls, and incident response management
• demonstrate ability to work effectively with external vendors and internal stakeholders to achieve security objectivesA thorough understanding of the Purdue Enterprise Reference Architecture (PERA)
• have experience working within an international matrix organisation.

Maybe you’ve read the above and can see you have some transferable skills, even though they don’t quite match all the points. If you think you can bring something to the team, we still encourage you to apply.

Shape the future with us
Send your application to us as soon as possible. We’ll be conducting interviews on a continuous basis and reserve the right to take down the advert when we’ve found the right candidate.

As an applicant or employee, you may request reasonable work and position accommodation or adjustments via accommodation@orsted.com.

Please note that for your application to be taken into consideration, you must submit your application via our online career pages and answer the screening questions relevant for your country. We don't take applications or inquiries from external recruiters or agencies into account for this position.