Business Information Technology Security Officer (BITSO)

Company Description

Vattenfall is a leading European energy company driving the transition to a sustainable energy system. We have been electrifying industries, powering homes and transforming life through innovation for more than 100 years. We employ around 21 000 people mostly in our core markets in Sweden, Germany, the Netherlands, Denmark, and the UK.

Job Description

As a BITSO at Vattenfall, you’ll lead vital IT security measures in a dynamic environment that spans onshore and offshore wind operations. You’ll collaborate with cross-functional teams to implement security controls, handle incidents, and uphold compliance—shaping the safe, resilient backbone of our mission toward fossil freedom. If you thrive on driving meaningful change in critical infrastructure, join us and make your mark in the future of sustainable energy.
 

In Business Area (BA) Wind, the Security & Resilience (SnR) Department plays a pivotal role in safeguarding our journey toward a fossil-free future. SnR oversees functional areas such as Information & Cybersecurity, Physical Security, Personnel Security, and Resilience. Through a robust security management system (SMS) and structured risk assessment processes, the department ensures that Vattenfall’s wind operations remain secure and compliant with both internal and external requirements. By setting policies, coordinating security initiatives, and collaborating with stakeholders at all levels, the SnR team helps uphold our commitment to “always act secure & resilient.”

Be in your element with BA Wind

Our business areas offer a unique opportunity to be in your element, working to help harness the forces which will take us to fossil freedom.

As part of BA Wind, you will play a key role in one of the most exciting pipelines in the industry, with 24GW of capacity stretching out more than a decade ahead across our key European markets.

You won’t only be involved in developing projects but also pioneering cutting-edge innovation, new business models, and ways of working with communities and the environment. Working as part of a leading European utility also means you could be helping a growing number of major businesses and brands achieve their own sustainability goals through partnerships.

Qualifications

Your responsibilities as a BITSO

As a Business Information Technology Security Officer (BITSO) within BA Wind’s SnR department, you will be integral to implementing and maintaining IT security measures across our onshore and offshore wind operations. Serving as a second line specialist, you will collaborate closely with system owners, IT security teams, and other stakeholders to ensure security controls, policies, and regulatory standards are understood and applied effectively. From risk assessments and identity and access management to incident coordination and third-party due diligence, this role requires a proactive approach to safeguarding critical infrastructure in an evolving threat landscape. By championing a strong security culture and driving continuous improvement, you will help BA Wind meet its strategic objectives, remain resilient, and support our broader mission of enabling fossil-free living.

Key responsibilities:

IT Security Advisory & Coordination

• Provide expert advice, oversight, and challenge to first-line teams managing IT-related risks.
• Act as a central point of contact in BA Wind for IT security, liaising with Vattenfall’s corporate IT security representatives.

Security Framework & Compliance

• Support the implementation and ongoing improvements of the Information Security Management System (ISMS), ensuring alignment with ISO 27001, ISO 27019, IEC 62443, and other relevant standards.
• Coordinate IT security–related activities and control measures with system owners, ensuring that embedded IT systems meet group security requirements.

Risk & Incident Management

• Conduct or support security risk assessments, classification of information assets, and manage exceptions where necessary.
• Handle identity and access management tasks, incident response, and coordinate vulnerability remediation in collaboration with operational teams.

Stakeholder Engagement & Reporting

• Collaborate with Business Information Security Officers (BISOs) and the Business Operational Technology Security Officer (BOTSO) on monitoring and assurance activities.
• Report to the Group IT Security Officer (GITSO) on matters affecting overall IT security in BA Wind, including critical vulnerabilities, incident handling, and implementation status.
• Work with BA-wide stakeholders (Offshore, Onshore, Solar & Batteries) to align IT security initiatives, ensuring adherence to Vattenfall’s security standards.

Security Culture & Continuous Improvement

• Promote a robust security culture throughout BA Wind, including training and awareness campaigns.
• Conduct due diligence of third-party suppliers and ensure relevant security provisions are integrated into contracts.
• Contribute to developing and refining security processes, adjusting to evolving technological and regulatory landscapes.

Your profile as BITSO
Whether you’re newly graduated with a strong drive and an eagerness to learn, or an experienced IT security professional, you bring a proactive mindset and a keen interest in protecting critical infrastructure. You have (or are willing to develop) solid knowledge of ISO frameworks like 27001 and 27019, plus a foundation in technology—ideally from energy, engineering, or a similarly complex domain. Experience with stakeholder management and building robust security schemes is preferred, but if you have the passion and curiosity, we encourage you to apply.

You’re a team player who remains calm under pressure, enjoys learning, and can navigate a multicultural environment with ease. You have a positive outlook, a sense of humor that keeps colleagues engaged, and the flexibility to adapt in a fast-changing setting. Strong communication skills let you explain complex technical topics clearly, and you thrive on forging collaborative relationships across all levels of the organization. Above all, you’re self-motivated, solution-focused, and excited to drive our shared mission toward a more secure, fossil-free future.

• You bridge the gap between security requirements and business objectives, keeping both in view when planning solutions and improvements.
• You stay ahead of emerging trends, leveraging ongoing research and continuous learning to refine your approach to cybersecurity.
• You enjoy clear documentation, ensuring processes are well-structured and easy for stakeholders to follow or audit.
• You excel at juggling multiple initiatives, balancing short-term tasks and long-term strategic goals without losing focus.
• You welcome constructive feedback, seeing it as an opportunity for collaboration and ongoing professional development.
• You maintain the highest respect for confidentiality, safeguarding sensitive data while promoting transparency where it drives better outcomes.

Additional Information

Our offer
Looking for a career with high purpose of ensuring security & resilience of critical infrastructure, our business and the societies we provide electricity to?

The scale and ambition of our wind, battery and solar business means you can really find your element with us. We’ll also provide you with all the learning and development you need to expand your horizons.

We strive to be the best place to work in the industry with competitive pay and conditions and an open, supportive culture. A commitment to a healthy work-life balance aims to ensure everyone plays to their strengths, whatever their background and experiences.

You will be part of a growing team of 1.900+ colleagues from 50+ nationalities where our positive approach to diversity is reflected in the fact that more than a quarter of staff are women.

More Information 

For more information about the position you are welcome to contact hiring manager Ingolfur Thor Gudmundsson, [email protected].  For more information about the recruitment process you are welcome to contact our recruiter Christian Pathuel, [email protected]

We welcome your application in English no later than 22.06.2024. We kindly request that you do not send applications by any means other than via our website. 

At Vattenfall we are convinced that diversity contributes to building a more profitable and attractive company and we strive to be a good role model regarding diversity. Vattenfall works actively for all employees to have the same opportunities and rights regardless of gender, ethnicity, age, transgender identity or expression, religion or other belief, disability or sexual orientation. Click here for further information. 

The security of Vattenfall and its employees is essential. For that reason, a pre-employment screening will be part of your recruitment process. The screening is based on the role you will fulfil within Vattenfall and will be performed by a third party, Validata. 

Since Vattenfall is a part of the Swedish critical infrastructure, many of our services are security classed.
If this position is security classified, the final candidates might be subject to a security vetting process, according to Swedish legislation. 
A country specific equivalent of NATO Confidential or NATO Secret clearance will be required for this position.

We look forward to receiving your application!