Information Security Specialist ISMS (m/f/d)

Imagine a future where you help Ørsted stay secure in an increasingly digital world.

Why join?

Join us in this role where you’ll be leading Continental Europe hub with cyber secure generation. You will be facilitating the rollout of the Information Security Management system across the region, initiating improvements of the system, and reporting from the system. This also includes ensuring that the implemented ISMS controls fulfil organizational and country-specific legal requirements where ISMS is implemented.

Welcome to Generation Continental Engineering
You’ll be part of Asset Reliability within CE Engineering where you, together with your colleagues, will ensure secure, reliable generation from our Continental European assets. You will ensure the best possible handling and improvement of cybersecurity and ensure compliance towards applicable country-specific legal requirements where ISMS is implemented. You’ll secure the lowest possible operating costs and consistently deliver high-quality results at the right time.

You’ll play an important role in:

• developing a roadmap for implementation of ISMS across all operational sites in the region
• maintaining and improving the cybersecurity risk register, including conducting risk identification and follow-up workshops with relevant parties, in coordination with global ISMS specialists
• owning regional technical cyber security risks in close collaboration with global security team. Developing, securing budget and implementing risk treatment plans
• defining effective business continuity plans for CE SCADA IT/OT systems, maintaining them and implementing them in emergency scenarios, leading event recovery sessions in relation to area of expertise
• facilitating and supporting regional hub initiatives on continuous improvement of ISMS, including instructions, controls, reports, training, or other work related to ISMS
• ensuring development and roll-out of training to all involved functions as well as supporting relevant teams in the implementation of ISMS requirements

• planning and conducting audits (internal and external), including drills and following up on findings

• establishing, conducting, and following up on regional management reviews in accordance with requirements in ISMS.

To succeed in the role, you:

• completed degree in Information Security, Cybersecurity, Computer Science, or a related field
• be proficient in cyber security in IT/OT environments, preferably with in-depth knowledge on ISO27001/27019 and IEC62443. National requirements such as NIS-CAF would be an advantage
• possess relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
• bring prior experience working in the energy sector, particularly in a regulated environment such as utilities, renewable energy, or oil and gas
• be proficient in risk assessment methodologies, security controls, and incident response management
• demonstrate ability to work effectively with external vendors and internal stakeholders to achieve security objectives
• have experience working independently with direction from multiple stakeholders across various countries.

Maybe you’ve read the above and can see you have some transferable skills, even though they don’t quite match all the points. If you think you can bring something to the team, we still encourage you to apply.

Shape the future with us
Send your application to us as soon as possible. We’ll be conducting interviews on a continuous basis and reserve the right to take down the advert when we’ve found the right candidate.

As an applicant or employee, you may request reasonable work and position accommodation or adjustments via accommodation@orsted.com.

Please note that for your application to be taken into consideration, you must submit your application via our online career pages and answer the screening questions relevant for your country. We don't take applications or inquiries from external recruiters or agencies into account for this position.