OT Risk Manager
Imagine a future where you drive risk management in offshore wind, aligning OT cybersecurity with business goals using ISO 27005 to ensure resilient, future-proof operations.
Join us in this role where you’ll be responsible for overseeing and managing the cybersecurity risks associated with Operational Technology (OT) systems within offshore wind farm operations. You will work closely with the Risk Team, key stakeholders, operations, and management to ensure informed decision-making and compliance with relevant regulations and standards.
Welcome to Ørsted Windpower Operations department
You’ll be part of our OT Compliance & Security Team, which is part of OT Digital & Security, where you, together with your colleagues, will conduct risk assessments and risk workshops and ensure results are communicated and used across our business. You will regularly review and evaluate the cybersecurity risks associated with the OT systems that control wind turbine operations, electrical substations, and other critical infrastructure, ensuring they are aligned with national cybersecurity standards. As a team, we have a culture of learning and improving, and we work as a diverse global team with different cultural backgrounds and competencies.
You’ll play an important role in:
- conducting risk assessments and risk workshops
- facilitating risk committee meetings and driving risk reporting towards key stakeholders
- establishing cybersecurity frameworks, policies, and procedures tailored for offshore wind farm environments to address risks related to industrial control systems (ICS) and SCADA systems etc.
- working closely with OT/IT security and operational technology teams to ensure integration between OT and IT security practices, focusing on the overall protection of critical national infrastructure
- ensuring compliance with national and international cybersecurity regulations and standards and managing the reporting of OT security status to regulatory bodies, Cyber Security Boards and others
- ensuring that cybersecurity risk management practices comply with regulations, standards and industry best practices for offshore.
To succeed in the role, you:
- understand ICS & SCADA/OT architecture
- can implement and take guidance from the IEC 62443, ISO 27001 and 27019 series of standards, incl. the Purdue Reference Model (ISA-99) and concept models for ICS network segmentation
- have experience with operating and managing ICS & SCADA components (e.g. PLCs, HMIs, RTUs, and auxiliary systems like HVAC, LV systems, UPS etc.)
- understand OT / SCADA & ICS network security and monitoring
- have experience with best-practice OT remote access and vendor management
- appreciate the difference between the risk management disciplines of OT and IT:
  - OT: SRP triad (Safety, Reliability, Productivity)
  - IT: CIA triad (Confidentiality, Integrity, Availability)
- have experience with relevant legislation (UK NCSC CAF, DE BSI/KRITIS, US NERC-CIP, EU NIS2 and CER) and understanding of how it applies to OT environments and how different authorities audit and inspect across jurisdictions
- have a good understanding of risk management principles, especially in the context of operational technology (OT) and critical infrastructure, with the ability to apply ISO 27005's risk assessment and treatment methods effectively
- can translate cybersecurity risks into business-relevant insights, facilitating risk-informed decision-making at higher management levels, balancing technical needs with business priorities
- have excellent communication skills for engaging with both technical teams and business leaders. You can convey complex risk scenarios in simple, actionable terms to non-technical stakeholders.
Employment in this role may be subject to the successful candidate being able to obtain the required security clearance.
Maybe you’ve read the above and can see you have some transferable skills, even though they don’t quite match all the points. If you think you can bring something to the team, we still encourage you to apply.
Shape the future with us
Send your application to us as soon as possible. We’ll be conducting interviews on a continuous basis and reserve the right to take down the advert when we’ve found the right candidate.
As an applicant or employee, you may request reasonable work and position accommodation or adjustments via accommodation@orsted.com.
Please note that for your application to be taken into consideration, you must submit your application via our online career pages and answer the screening questions relevant for your country. We don't take applications or inquiries from external recruiters or agencies into account for this position.
Skærbæk, DK; London, GB; Grimsby, GB; Gentofte, DK; Barrow-in-Furness, GB