Security and Risk Manager

Are you ready to make security a strategic advantage for a smarter and safer grid

ElBits is an ambitious collaboration among Norways grid companies aimed at driving change in the power grid industry. We achieve this by integrating and standardizing data as well as developing digital products. Our goal is to create a digital infrastructure that will enable the sector to increase grid capacity and efficiency as well as streamline and improve customer journeys.

With our partnerships deep industry expertise and access to critical data we are uniquely positioned to innovate and address the challenges of todays energy systems. By making data accessible and enabling collaboration we unlock the grid industrys potential. Together we contribute to solving one of the greatest challenges of our time - the energy transition.

At ElBits we are building critical digital services for the Norwegian power sector. These are national services that depend on trust preparedness and an uncompromising approach to security. As our data models grow and our products scale across grid companies security is not only a compliance exercise but at the heart of our mission.

Over the past year the value and sensitivity of the data we hold have increased significantly. We will soon have ten complete grid data models and additional datasets are growing as planned. This development raises both the stakes and the opportunity: to strengthen our security posture in a practical way to be deeply integrated in how we work and aligned with our long-term ambition. That also means strengthening security directly in teams workflows and technology.

We are now hiring a Security & Risk Manager to help build our methodology readiness and systematic way of working. This is a role that will shape how we protect data run operations and prepare for extraordinary situations while enabling product teams to move quickly and safely.

This is also an exciting moment to join. Our products are already being rolled out across grid companies and more are coming in 2026. As complexity grows the need for mature security practices grows with this role you will help us take the next step from secure enough to operate to secure enough to be relied on as national infrastructure.

What will you do

The main goal of the Security & Risk Manager is to ensure that ElBits develops readiness and practical security capabilities that naturally fit how our product teams work. Your focus will be on understanding where we are identifying the best next steps and enabling teams to move forward confidently. That means engaging deeply with product and data teams coordinating priorities and fostering a collaborative service-oriented approach across domains.

In this role you will bring the methodology structure and support needed as we scale. Youll collaborate across the organisation and at times work directly with cross-functional teams for example supporting a product team with a specific security challenge or helping them adopt new practices and tools. Flexibility is essential and you will play an active part in shaping how security is embedded throughout ElBits.

What you will be responsible for:

• Define our security best practices and guide the organisation toward them incrementally ensuring security improvements without slowing down product development.
  
• Build a systematic repeatable approach to risk management readiness and incident response ensuring ElBits can proactively identify and mitigate threats.
• Define and implement a practical security and preparedness methodology that is actionable measurable and aligned with our business objectives.
• Help balance agility with responsibility enabling fast product delivery today while establishing robust security foundations for the future.
• Train teams so that the security methodology becomes part of everyday work and is embedded in the organisational culture.
• Ensure governance is documented actively practised and continuously improved keeping policies up to date and aligned with evolving risks and regulations.
• Run and mature exercises routines and response processes strengthening organisational readiness and incident handling capabilities.
• Implement sufficient security measures tailored to our operations risk profile and regulatory environment without creating unnecessary friction for teams.
• Develop our ability to prevent limit and manage extraordinary situations including incident response threat modelling and business continuity planning.
• Maintain documented risk analysis and clear governance across the organisation ensuring transparency and accountability.

We also want teams to understand the risks in their areas manage them proactively and know that the organisation supports them in doing so. This role will therefore help with building the right approach that makes us both faster safer and builds readiness from the inside out.

Who are we looking for

We are looking for a security professional who is pragmatic yet process-oriented values clarity and can make security actionable while with-holding pace in product development.

Ideally you have a strong technical understanding and the ability to translate security concepts for both technical and non-technical audiences while collaborating effectively across teams.

We hope you have:

• Proven track record of building and implementing security practices within operational or technical organisations.
• A technical background whether in engineering product development IT operations or a similar field.
• Experience with incident and crisis management including planning coordination and execution of response processes.
• Strong understanding of data security and cybersecurity principles and how to apply them in practical product-focused environments.
• Ability to create clear frameworks communicate risks effectively and turn them into actionable guidance for product and engineering teams.
• Solid experience with information security management including implementing and maintaining processes controls and routines for protecting information assets.
  • Experience with or strong familiarity with ISMS frameworks and ISO 27001 is an advantage.
• Experience conducting or leading risk assessments such as ROS analysis or similar structured evaluation methods.
• Familiarity with managing security or working closely with IT environments including infrastructure access control monitoring and operational processes.
• Experience working cross-functionally with product engineering and operations teams to integrate security into everyday processes.

While not required its an advantage if you have:

• Experience working with or around the public sector or the grid/energy sector.
• Understanding of regulatory expectations in the Norwegian energy sector (NIS KBO KBF GDPR etc.)

What can we offer

First we want to emphasise the opportunity to shape security and risk practices across a fast-paced tech organisation. Youll work on meaningful challenges build practical frameworks and collaborate with talented motivated colleagues - making a real impact on Norways power grid and critical infrastructure.

We also offer:

• A positive flexible and trust-based work environment.
• To have your work have a great social impact and make a difference in the energy sector.
• Industry-leading pension and insurance policies.
• Modern office centrally located at Rådhusgata in Oslo.
• Choice of equipment and other necessary tools to ensure you have everything you need to perform your role effectively.
• Great colleagues & social events.

What does the process look like

• Apply with your CV and contact information.
• If we find your profile interesting well schedule a short (30-minute) conversation with our Recruitment Advisor.
• After that well set up a Meet & Greet with our Head of Technology and our Recruitment Advisor.
• In the second interview youll walk us through a case assignment and engage in a deeper discussion about your thinking and experience. Well also give you more insight into our way of working and youll complete a brief personality assessment through Fairsight.
• The final chat will involve a meeting with our Head of Operations.
• We do a couple of reference checks and send you an offer!

We use Semac for background checks after the final offer to verify the information provided during the process.

If you have any questions or other inquiries regarding this position feel free to send an email to .

ElBits AS is the controller of your personal data for the purposes of this recruitment. Amby AS acts as the processor of your personal data except when you agree to join our Talent Pool in which case Amby also becomes the data controller. We process your personal data to manage and conduct the recruitment process. You have the right to access your data request rectification erasure and restriction of processing as well as the right to object to processing and data transfer. For a more detailed understanding of how we handle your data the purposes of processing and your rights please refer to Ambys Privacy Policy.