Manufacturing Information Security Lead

Danfoss – Kolding, Region of Southern Denmark, Denmark

Role overview: The Manufacturing Information Security Lead (MISL) has a critical leadership role with general responsibility for Manufacturing OT/IT security compliance against audits and regulations from DGIT (Danfoss Group IT) to the manufacturing shop floor. The MISL is the primary link between the Central Information Security team and the Power Solutions business, driving the implementation of security policies, standards, and best practices. The MISL advises business leadership on security matters and helps manage and mitigate security risks specific to the Power Solutions manufacturing setup globally. The role operates globally from a segment level and requires strong communication, networking, and strategic thinking, alongside technical proficiency and process management knowledge. The role requires presence in Nordborg 2–3 days per week.

• Risk/Exception Owner On Entity Level
  • Serve as the primary risk owner of Information Security within the Power Solutions business segment around Operations.
  • Collaborate with business stakeholders (Plant Directors, etc.) to execute IT/OT security strategies and audits.
  • Identify, assess, and evaluate security risks and threats with the Information Security Steering Committee.
  • Develop and implement risk mitigation strategies and action plans.
  • Manage and track security exceptions with proper documentation and approval processes.
  • Report on the status of security risks and exceptions to Segment leadership and the central Information Security Steering Committee (ISSC) and CISO team.

• Product Security
  • Collaborate with product development teams to integrate security from design and development through testing of Power Solutions products, in close collaboration with the Segment Product team.
  • Stay informed about emerging product security threats and vulnerabilities.

• OT Security (IIoT/ICS/SCADA)
  • Develop and implement security strategies for Operational Technology environments, including IIoT, ICS, and SCADA systems.
  • Conduct security assessments of OT systems and identify vulnerabilities in collaboration with the OT Security team.
  • Work with OT teams to implement security controls and best practices.

• Non-DGIT Managed IoT/Servers/Applications
  • Identify and manage security risks for IoT devices, servers, and applications managed outside DGIT (SaaS and general Cloud solutions).
  • Ensure proper security monitoring and incident response capabilities are in place.

• Data Owner / Data Classification / Data Security
  • Serve as a data owner for key data assets within the Power Solutions business.
  • Clarify data protection requirements with the Information Security Steering Committee.
  • Ensure compliance with data privacy regulations (e.g., GDPR).

• Direct Procurement And 3rd Party Risk Management
  • Assess security risks associated with third-party vendors and suppliers with access to Power Solutions data or systems; assess security maturity at critical suppliers to ensure a stable supply chain.
  • Monitor vendor security performance and ensure compliance with security requirements.

• Business Continuity
  • Collaborate with business units to develop and maintain business continuity plans for critical processes.
  • Conduct regular business continuity testing and exercises.

• NIS2 And General Political Directive Compliance
  • Lead the implementation of regulatory and contractual requirements within the Power Solutions business.
  • Conduct gap assessments to identify areas lacking compliance.
  • Monitor compliance with NIS2 and report progress to business leadership and the central Information Security team.

• Master’s degree in Computer Science, Information Security, or other relevant fields.
• 5+ years of experience in information security, with a focus on risk management and security governance.
• Experience in Program Management.
• Experience in a manufacturing or industrial environment is highly desirable.
• Strong understanding of security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework).
• Experience with OT security and IIoT environments.
• Knowledge of data privacy regulations (e.g., GDPR).
• Experience with third-party risk management.
• Familiarity with business continuity planning.
• Strong communication and interpersonal skills; ability to work with both technical and non-technical stakeholders.
• Certifications such as CISSP, CISM, or CRISC are preferred.

• Skills
  • Risk Management
  • Security Governance
  • OT/IT Security
  • Product Security
  • Data Security
  • Third-Party Risk Management
  • Business Continuity Planning
  • NIS2 Compliance
  • Communication
  • Collaboration
  • Problem-solving

For More Information About The Position, Please Contact
Martin Ole Madsen
Head of Manufacturing Systems & Services
martin.madsen@danfoss.com

For Information Regarding The Recruitment Process, Please Contact
Bjørn Jepsen, Talent Acquisition
bjorn.jepsen@danfoss.com | +45 6012 2680

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or other protected category.