Are you ready to make security a strategic advantage for a smarter and safer grid?

ElBits is an ambitious collaboration among Norway’s grid companies aimed at driving change in the power grid industry. We achieve this by integrating and standardizing data, as well as developing digital products. Our goal is to create a digital infrastructure that will enable the sector to increase grid capacity and efficiency, as well as streamline and improve customer journeys.

With our partnerships, deep industry expertise, and access to critical data, we are uniquely positioned to innovate and address the challenges of today’s energy systems. By making data accessible and enabling collaboration, we unlock the grid industry's potential. Together, we contribute to solving one of the greatest challenges of our time - the energy transition.

At ElBits, we are building critical digital services for the Norwegian power sector. These are national services that depend on trust, preparedness, and an uncompromising approach to security. As our data models grow and our products scale across grid companies, security is not only a compliance exercise, but at the heart of our mission.

Over the past year, the value and sensitivity of the data we hold have increased significantly. We will soon have ten complete grid data models, and additional datasets are growing as planned. This development raises both the stakes and the opportunity: to strengthen our security posture in a practical way, to be deeply integrated in how we work, and aligned with our long-term ambition. That also means strengthening security directly in teams, workflows, and technology.

We are now hiring a Security & Risk Manager to help build our methodology, readiness, and systematic way of working. This is a role that will shape how we protect data, run operations, and prepare for extraordinary situations, while enabling product teams to move quickly and safely.

This is also an exciting moment to join. Our products are already being rolled out across grid companies, and more are coming in 2026. As complexity grows, the need for mature security practices grows with it. In this role, you will help us take the next step from “secure enough to operate” to “secure enough to be relied on as national infrastructure.”

What will you do?

The main goal of the Security & Risk Manager is to ensure that ElBits develops readiness and practical security capabilities that naturally fit how our product teams work. Your focus will be on understanding where we are, identifying the best next steps, and enabling teams to move forward confidently. That means engaging deeply with product and data teams, coordinating priorities, and fostering a collaborative, service-oriented approach across domains.

In this role, you will bring the methodology, structure, and support needed as we scale. You’ll collaborate across the organisation and at times work directly with cross-functional teams, for example, supporting a product team with a specific security challenge, or helping them adopt new practices and tools. Flexibility is essential, and you will play an active part in shaping how security is embedded throughout ElBits.

What you will be responsible for:

• Define our security best practices and guide the organisation toward them incrementally, ensuring security improvements without slowing down product development

• Build a systematic, repeatable approach to risk management, readiness, and incident response, ensuring ElBits can proactively identify and mitigate threats.

• Define and implement a practical security and preparedness methodology that is actionable, measurable, and aligned with our business objectives.

• Help balance agility with responsibility, enabling fast product delivery today while establishing robust security foundations for the future.

• Train teams so that the security methodology becomes part of everyday work and is embedded in the organisational culture.

• Ensure governance is documented, actively practised, and continuously improved, keeping policies up to date and aligned with evolving risks and regulations.

• Run and mature exercises, routines, and response processes, strengthening organisational readiness and incident handling capabilities.

• Implement sufficient security measures tailored to our operations, risk profile, and regulatory environment, without creating unnecessary friction for teams.

• Develop our ability to prevent, limit, and manage extraordinary situations, including incident response, threat modelling, and business continuity planning.

• Maintain documented risk analysis and clear governance across the organisation, ensuring transparency and accountability

We also want teams to understand the risks in their areas, manage them proactively, and know that the organisation supports them in doing so. This role will therefore help with building the right approach that makes us both faster, safer, and builds readiness from the inside out.

Who are we looking for?

We are looking for a security professional who is pragmatic yet process-oriented, values clarity, and can make security actionable while with-holding pace in product development.

Ideally, you have a strong technical understanding and the ability to translate security concepts for both technical and non-technical audiences, while collaborating effectively across teams.

We hope you have:

• Proven track record of building and implementing security practices within operational or technical organisations.

• A technical background, whether in engineering, product development, IT operations, or a similar field. 

• Experience with incident and crisis management, including planning, coordination, and execution of response processes.

• Strong understanding of data security and cybersecurity principles, and how to apply them in practical, product-focused environments.

• Ability to create clear frameworks, communicate risks effectively, and turn them into actionable guidance for product and engineering teams.

• Solid experience with information security management, including implementing and maintaining processes, controls, and routines for protecting information assets.

  • Experience with, or strong familiarity with ISMS frameworks and ISO 27001 is an advantage.

• Experience conducting or leading risk assessments, such as ROS analysis or similar structured evaluation methods.

• Familiarity with managing security or working closely with IT environments, including infrastructure, access control, monitoring, and operational processes.

• Experience working cross-functionally with product, engineering, and operations teams to integrate security into everyday processes.

While not required, it’s an advantage if you have:

• Experience working with or around the public sector or the grid/energy sector.

• Understanding of regulatory expectations in the Norwegian energy sector (NIS, KBO, KBF, GDPR, etc.)

What can we offer?

First, we want to emphasise the opportunity to shape security and risk practices across a fast-paced tech organisation. You’ll work on meaningful challenges, build practical frameworks, and collaborate with talented, motivated colleagues - making a real impact on Norway’s power grid and critical infrastructure.

We also offer:

• A positive, flexible, and trust-based work environment.

• To have your work have a great social impact and make a difference in the energy sector.

• Industry-leading pension and insurance policies.

• Modern office centrally located at Rådhusgata in Oslo.

• Choice of equipment and other necessary tools to ensure you have everything you need to perform your role effectively.

• Great colleagues & social events.
  

What does the process look like?

• Apply with your CV and contact information.

• If we find your profile interesting, we’ll schedule a short (30-minute) conversation with our Recruitment Advisor.

• After that, we’ll set up a Meet & Greet with our Head of Technology and our Recruitment Advisor.

• In the second interview, you’ll walk us through a case assignment and engage in a deeper discussion about your thinking and experience. We’ll also give you more insight into our way of working, and you’ll complete a brief personality assessment through Fairsight.

• The final chat will involve a meeting with our Head of Operations.

• We do a couple of reference checks and send you an offer!

We use Semac for background checks after the final offer to verify the information provided during the process.

If you have any questions or other inquiries regarding this position, feel free to send an email to anna.wold@elbits.no.

ElBits is an ambitious partnership between Norway’s grid companies, aiming to create a new digital infrastructure that standardizes data, increases grid capacity, and sets a new standard for the industry.

With unique access to partner companies, expertise, and data, we are at the forefront of driving innovation in the sector.

We exist because we will help shape the future of the energy sector at a time when innovation is more important than ever.