OT Compliance Manager (m/f/d)

Join us in this role where you’ll work closely with offshore windfarm engineering, OT experts, IT, corporate functions as well as locations and regions to develop and manage cyber security compliance activities in global offshore windfarm operations.

Welcome to Ørsted Generation. You’ll be part of Ørsted Generation, where you, together with your colleagues, will help ensure that our offshore wind operations comply with international and national cybersecurity regulations and standards. As wind energy continues to mature globally and becomes recognised as critical infrastructure in key markets, owners and operators must meet increasing regulatory and cybersecurity requirements, including standards such as ISO 27001 and IEC 62443.

In this role, you’ll act as a technically oriented compliance expert with strong project management skills, supporting the continuous compliance of OT operations in critical infrastructure environments. You’ll contribute to the application and improvement of information security management processes, lead compliance and audit activities on a global level, and help strengthen Ørsted’s overall security and compliance posture. You’ll also collaborate closely with and support a community of Regional Cyber Security Officers across Ørsted’s locations worldwide. As a team, we collaborate across borders, share knowledge openly, and support each other in protecting secure, reliable, and sustainable energy generation.

You’ll play an important role in:

• Managing the compliance baseline documentation system and related artifacts
• Developing methodologies and tooling concepts to improve automate the compliance management (cyber GRC concepts and tooling)
• Establishing cybersecurity frameworks, policies, and procedures tailored for offshore wind farm environments to address risks related to industrial control systems (ICS) and SCADA systems etc.
• Performing control assessments and risk assessments from the compliance perspective
• Maintaining and facilitating internal and certification audits and governmental inspection activities
• Managing the community of Regional Cyber Security Officers to coordinate and support their local compliance activities
• Establish operational compliance reporting (e.g. KPIs, KRIs, assessments, maturity assessments, compliance risk reporting)
• Consulting the operations teams regarding compliance.

To succeed in the role, you:

• Have experience with governance, risk and compliance approaches
• Very good knowledge and understanding about industrial standards like ISO27001, -2, -5 and IEC62443
• Are capable to fully understand and get familiar with national and/or energy market specific standards and regulations like NIS2, UK NIS CAF, German IT Sicherheitskatalog and KRITIS regulations and US NERC CIP and understanding of how it applies to OT environments and how different authorities audit and inspect across jurisdictions.
• Have experience with security and compliance in the OT area (e.g. IEC & SCADA systems and components, i.e. PLCs, HMIs, RTUs, and auxiliary system like HVAC, LV Systems, UPS etc.)
• Have project management skills
• Have good communication skills and are capable of stakeholder engagement in a matrix organisation
• Very good analytical and methodological skills.

Employment in this role may be subject to the successful candidate being able to obtain the required security clearance.