Business IT Security Officer
Luleå, Sweden
Employment type: Full-time
Job position: IT security manager/IT security manager
Work model: On location
Application deadline: 8 October 2025

Company description

Vattenfall Eldistribution AB is Vattenfall's electricity network business and one of Sweden's largest electricity network companies. We are responsible for a societal infrastructure that distributes electricity to more than 900,000 companies and households. As an employee with us, you contribute every day to the functioning of society and to a secure electricity supply for future generations. Together, we are building the electricity grid of the future and enabling the transition to a fossil-free society.

About the role

Are you passionate about IT security and want to be part of a company that prioritizes security, sustainable solutions and fossil freedom? Are you committed, innovative and want to work in an inclusive environment where your ideas and development are highly valued? We are looking for a committed specialist in the field of IT security who wants to be part of the development of our IT security and digitization!


The role of Business IT Security Officer

In the role of Business IT Security Officer (BITSO), you will belong to the IT security department. We are a large team with broad skills and varied experiences working with security issues. With increased pressure on regulatory requirements, we are now looking for more committed employees who want to join and strengthen our work.

The role of BITSO is a key role in ensuring that the IT security area meets high internal and external requirements. You will do this by, among other things, conducting audits and reviews of both new and existing IT systems, where you ensure that the systems meet current security requirements, that risks are identified at an early stage and that relevant measures can be taken proactively. You are also a key member of the incident management team, not only in the acute phase but also in the long-term work of strengthening the safety culture and reducing the risk of recurring incidents. Through your leadership in the incident team, you contribute to creating a safe, stable and predictable digital environment. You will be involved in driving IT security architecture, creating situational awareness and playing a key role in collaboration between internal companies and external partnerships and networks.

With us, you will work with operational, tactical and strategic IT security issues in close connection with the goals and strategies of the business. In your role, you will for example:

  • Conduct and develop IT security work within Vattenfall Eldistribution
  • Maintain a current situation picture in the IT security area and communicate it to relevant stakeholders
  • Conduct IT security audits and reviews of new and existing IT systems
  • Interpret regulations and requirements in the area and ensure that the requirements are met
  • Participate as support to system owners and information owners in IT security classifications of systems
  • Manage, report and follow up on incidents
  • Ensure that IT security is an integral part of the development of IT architecture
  • Develop security architecture and drive initiatives for security improvements
  • Collaborate with IT specialists from Vattenfall's other companies and business units and participate in group-wide networks, for example IT security forums, where you represent Vattenfall Eldistribution

You will continuously collaborate with, among others, IT project managers, IT architects, IT and OT security specialists, information security coordinators (BISO), OT security coordinators (BOTSO) and both internal and external suppliers.

Requirements

We are looking for someone who is curious, solution-oriented and driven by creating results that provide clear benefits for the business. You enjoy working in a team and want to contribute with your skills and experience to create a secure and sustainable IT and information environment. We believe that you are an experienced security specialist with several years of experience in IT security work and a background in infrastructure and its architecture. We would also like you to have worked in OT security. You should have experience working with regulatory requirements and compliance. If you have certifications or training in information security, this is a plus, but we see your willingness to learn and develop as more important than certification and training.

The role requires good knowledge of information security standards and frameworks, such as ISO 27001, as well as experience in risk management and security assessments. You are also familiar with relevant regulations and directives, including NIS/NIS2, NCCS, CER, GDPR and others. As a person, you are self-driven and motivated by analyzing and improving. Your approach is characterized by being attentive and proactive, and you want to understand causes and correlations. In addition, you should have good communication skills and the ability to collaborate with various stakeholders regarding strategic, tactical and operational tasks.

Qualifications:

  • Post-secondary education in, for example, computer and systems science, or other experience and education that we consider equivalent
  • Good and current experience of working in IT security. We would like to see that you have worked in a security-related specialist role in a larger organization
  • Good knowledge of Swedish and English in both speech and writing

Experience

We are looking for someone with knowledge and experience in some of the following areas:

  • IT security classification of systems, for example according to the CIA triad
  • Security audits of IT systems
  • Swedish security protection legislation, NIS/NIS2 regulation
  • Setting requirements for security tests, penetration tests and the like
  • Risk and vulnerability analyses linked to IT and cyber security
  • Selection and adaptation of security controls for IT systems
  • IT infrastructure. For example, networks, authentication solutions, Windows and/or Linux environments, cloud services and how these are hardened

More important can be:

  • Experience in educating, informing and creating understanding of IT security in your own organization
  • Formal training in IT security
  • Relevant certifications, such as CISSP, CISM, CISA, CRISC and OSCP
  • Experience with relevant standards such as ISO 27001, NIST and CIS
  • Experience working with OT security and knowledge of IEC 62443
  • Experience leading and coordinating incident response
  • Experience in business intelligence

Travel is required.