IT and process Control Security Architect

Company Description

Statkraft has been making clean energy possible for over a century. That is what we offer. 125 years of unrivaled expertise in supplying the world with what it needs most. We envision a world that runs entirely on renewable energy. Because in the fight against climate change, we do not see renewable energy as part of the solution – we believe it must be the solution. With us, you will shape a career that is truly forward-facing with many amazing opportunities and offerings to match.

But there is more work to be done – that is why we need you to join!

Job Description

Statkraft Cyber Security Architecture Department (ITSA) is looking for a new colleague to strengthen the IT Security Architecture team. Statkraft Cyber Security Department consists of GRC, Cyber Security Architecture and CSIRT department working hand in hand protecting Statkraft’s assets from cyber threats and enabling the business providing robust and secure IT security services. The Cyber Security Department is part of the Statkraft IT Department, which consist of over 200 highly engaged employees. Statkraft IT is the Statkraft Group’s IT service provider and Digitalization Centre of Expertise, delivering a full set of services from business development, change management, projects, application development to operational services.

Our Cyber Security department is contributing to protect all business areas in Statkraft. We use our expertise within security frameworks, standards and best practices, as well as our technical in-depth knowledge to understand and support different initiatives and day to day operations. We collaborate with other security domain areas in Statkraft as well as external partners to keep each other informed and protected, and to further our profession and skillset. Our department consists of specialists passionate about their field and thriving in the dynamic and complex environment – and this is what we are looking for in our new colleague! 

The IT Security Architect role in Statkraft relies on good communication skills, influencing the positive and mature IT security posture throughout the organization and using the security mandate to protect and improve the IT security services and IT architecture.

You will report to Head of Cyber Security Architecture and be part of the Cyber Security Architecture Department.

Your role:

• Assess and design secure and compliant solutions with our customers, bringing the security requirements and best practice early into the design process and monitor their implementation
• Build relationships and collaborate with stakeholders, system owners, IT specialists and process control specialists to ensure all visions are aligned
• Implement administrative and technical security controls throughout the global IT and process control environment
• Evaluate IT and process control infrastructure changes and requests that impact security
• Provide practical security requirements to projects and activities that helps both the end user and the organization to balance security - based on established security policies and standards
• Assist with internal and external security audits and assessments
• Facilitate third party security assessments
• Collaborate with the GRC team assisting with risk assessments and providing risk mitigations and subject matter expertise
• Collaborate with the CSIRT team to ensure that the findings are addressed through robust processes, IT and process control security architecture
• Contribute to the continuous improvement of the security policies and processes, using your experience, observation and communication skills as well as ongoing research in the cybersecurity field

Qualifications

• You are passionate about cybersecurity and have knowledge about threats to critical infrastructure.
• You have technical background, preferably both operational technology/process control and IT security, and you have 3-5 years of work experience within the operational technology field
• You have good practical knowledge within an Operational Technology/Process Control environment, including HSS, System of systems, communications, Safety systems and dependencies.
• You have good knowledge within the main areas of both IT security and process control security including LAN/WAN networks and communication security, software development security, client/server security, identity and access management and security operations.
• Work experience with IT and Process Control security frameworks and standards such as IEC62443, IEC62351, ISO 27019, ISO 27001, NIST CSF, CIS Controls.
• Work experience with risk assessments and risk management process is an advantage
• Work experience with security- and penetration testing is an advantage
• You are ethical, professional, structured, proactive and ambitious
• You are fluent in English and Norwegian, both oral and writing

Statkraft manages critical infrastructure and services in several countries. We conduct background checks on qualified applicants before hire and in this role you must qualify for Norwegian and Swedish security clearance and authorization.

Necessary background check according to Norwegian and Swedish regulatory requirements is needed for this position.

Additional Information

Statkraft offers:

• Professional and personal development in Europe’s leading company within renewable energy
• A positive and including work environment characterised by competence, responsibility and innovation
• The chance to grow your career alongside a truly global network of experts, leaders, specialists and graduates from different countries and backgrounds
• A diverse workplace with respect to gender, age and cultural background
• Competitive terms of employment and excellent benefit scheme

Statkraft manages critical infrastructure and services in several countries. The applicant must be eligible for security clearance and authorization.  

Application deadline: 16th of April 2023. 

Contact: For more information about the position, please contact: Ronny Nilsen, Head of Security Architecture, ronny.nilsen@statkraft.com.