Security and Risk Manager

ElBits is an ambitious collaboration among Norway’s grid companies aimed at driving change in the power grid industry. We achieve this by integrating and standardizing data, as well as developing digital products. Our goal is to create a digital infrastructure that will enable the sector to increase grid capacity and efficiency, as well as streamline and improve customer journeys. With our partnerships, deep industry expertise, and access to critical data, we are uniquely positioned to innovate and address the challenges of today’s energy systems. By making data accessible and enabling collaboration, we unlock the grid industry's potential. Together, we contribute to solving one of the greatest challenges of our time - the energy transition. At ElBits, we are building critical digital services for the Norwegian power sector. These are national services that depend on trust, preparedness, and an uncompromising approach to security. As our data models grow and our products scale across grid companies, security is not only a compliance exercise, but at the heart of our mission. Over the past year, the value and sensitivity of the data we hold have increased significantly. We will soon have ten complete grid data models, and additional datasets are growing as planned. This development raises both the stakes and the opportunity: to strengthen our security posture in a practical way, to be deeply integrated in how we work, and aligned with our long-term ambition. That also means strengthening security directly in teams, workflows, and technology. We are now hiring a Security & Risk Manager to help build our methodology, readiness, and systematic way of working. This is a role that will shape how we protect data, run operations, and prepare for extraordinary situations, while enabling product teams to move quickly and safely. This is also an exciting moment to join. Our products are already being rolled out across grid companies, and more are coming in 2026. As complexity grows, the need for mature security practices grows with it. In this role, you will help us take the next step from “secure enough to operate” to “secure enough to be relied on as national infrastructure.” What will you do? The main goal of the Security & Risk Manager is to ensure that ElBits develops readiness and practical security capabilities that naturally fit how our product teams work. Your focus will be on understanding where we are, identifying the best next steps, and enabling teams to move forward confidently. That means engaging deeply with product and data teams, coordinating priorities, and fostering a collaborative, service-oriented approach across domains. In this role, you will bring the methodology, structure, and support needed as we scale. You’ll collaborate across the organisation and at times work directly with cross-functional teams, for example, supporting a product team with a specific security challenge, or helping them adopt new practices and tools. Flexibility is essential, and you will play an active part in shaping how security is embedded throughout ElBits. What you will be responsible for: Define our security best practices and guide the organisation toward them incrementally, ensuring security improvements without slowing down product development Build a systematic, repeatable approach to risk management, readiness, and incident response, ensuring ElBits can proactively identify and mitigate threats. Define and implement a practical security and preparedness methodology that is actionable, measurable, and aligned with our business objectives. Help balance agility with responsibility, enabling fast product delivery today while establishing robust security foundations for the future. Train teams so that the security methodology becomes part of everyday work and is embedded in the organisational culture. Ensure governance is documented, actively practised, and continuously improved, keeping policies up to date and aligned with evolving risks and regulations. Run and mature exercises, routines, and response processes, strengthening organisational readiness and incident handling capabilities. Implement sufficient security measures tailored to our operations, risk profile, and regulatory environment, without creating unnecessary friction for teams. Develop our ability to prevent, limit, and manage extraordinary situations, including incident response, threat modelling, and business continuity planning. Maintain documented risk analysis and clear governance across the organisation, ensuring transparency and accountability We also want teams to understand the risks in their areas, manage them proactively, and know that the organisation supports them in doing so. This role will therefore help with building the right approach that makes us both faster, safer, and builds readiness from the inside out. Who are we looking for? We are looking for a security professional who is pragmatic yet process-oriented, values cl