BISO and Data Information Manager

Company Description

Vattenfall is a European energy company with approximately 21 000 employees. For more than 100 years we have electrified industries, supplied energy to people’s homes and modernised our way of living through innovation and cooperation. We are looking for talented individuals who, in addition to their passion for their own role, also have strong team spirit and want to contribute to supporting a meaningful corporate mission. 

Job Description

Heat UK is a forward-thinking organization committed to innovation, resilience, and trust. As we continue to grow and evolve in a digital-first world, we are seeking a strategic and business-savvy Business Information Security Officer (BISO) to bridge the gap between cybersecurity and business operations. The BISO is expected to be adaptable and have the ability to implement the integration of cybersecurity into our IT and operational technology (OT) ecosystems.

As the BISO, you will serve as the primary liaison between the BA Customers & Solutions Security & Resilience team and business units, ensuring that information and cybersecurity strategies align with business goals. You will be responsible for embedding security into business processes, managing risk, and driving a culture of security awareness across the organization. The BISO will report directly to the Head of Business Excellence, with additional reporting to the Director of Asset Management on the OT topics.

Main tasks

• Act as the trusted information and cybersecurity advisor to management and stakeholders
• Establishing, developing and implementing the Security Management System in the BU Heat UK through translation of technical security requirements into business-aligned strategies.
• Identify, assess, and mitigate information security risks within Heat UK
• Work as part of the BA Customers & Solutions Security & Resilience team to implement policies, standards, and controls.
• Lead security risk assessments, audits, and compliance initiatives and promote security awareness and training programs tailored to business needs.
• Support business continuity planning and incident response, including participation in on-call duty in connection with security incidents
• Monitor and report on key security metrics and risk indicators.
• Identify, register and assess cyber risks across business processes, applications, and industrial systems and translate security policies into actionable controls for IT/OT environments.
• Drive cybersecurity awareness and training tailored to business and OT users.
• Ensure compliance with industry regulations (e.g. ISO/IEC 62443, GDPR, etc).

Qualifications

• Experience in the above topics, preferably in information security management systems and service level agreements with exposure to both IT and OT environments.
• A proactive work attitude. Able to take responsibility and to keep focus on your goals
• Knowledge on how to cooperate with others, to prioritize and to work under pressure.
• A critical attitude when necessary and will talk to others about their professional responsibility.
• Very good communication and negotiation skills, also on a management level.
• Completed university studies, preferably in the fields of computer science, engineering or business informatics.
• Strong understanding of industrial control systems (ICS), SCADA, and business IT systems.
• Familiarity with cybersecurity frameworks (e.g., NIST CSF, ISO 27001, IEC 62443).
• Relevant certificates for proof of competence are an advantage: CISSP, GICSO, CRISC CISM, CISA, ISO 27001 Lead Auditor/Implementer
• Good knowledge of the ISO 27000 series of standards
• Very good abstraction skills and pronounced skills in logical-analytical and informatic thinking
• Very good command of spoken and written English
• Willingness to travel, primarily within Europe

Additional Information

Our offer 
Good remuneration, a challenging and international work environment, and the possibility to work with some of the best in the field. You will be working in interdisciplinary teams and you can always count on support from committed colleagues. We offer attractive employment conditions and opportunities for personal and professional development. 

More Information 
We welcome your application in English, no later than 24/08/2025. We kindly request that you do not send applications by any means other than via our website as we cannot guarantee that we will be able to process applications that are not made via our website. 
 
For more information about the recruitment process you are welcome to contact our recruiter Adam Hammond via adam.hammond@vattenfall.com 

Commitment to Diversity

Vattenfall is committed to promoting a diverse and inclusive community - a place where we can all be ourselves and succeed on merit. We offer a range of family friendly, inclusive employment policies, flexible working arrangements, staff engagement forums and services to support all our employees.

We are convinced that diversity contributes to build a more profitable and attractive company and we strive to be good role model regarding diversity. Vattenfall works actively for all employees to have the same opportunities and rights regardless of gender, ethnicity, age, transgender identity or expression, religion or other belief, disability or sexual orientation. 
 
We look forward to receiving your application!