Information Security Officer

Join us as we work to unlock the value of offshore wind! JERA Nex bp is a new joint venture between JERA, Japan’s largest power generation company, and bp, one of the world’s leading energy companies. Established to unlock the potential of offshore wind across the globe, our talented team, exciting pipeline and solid capital commitment give us the potential to become one of the world’s most successful offshore wind companies.

We entered the market with a portfolio of operational and development assets, alongside the resources, capabilities and resilience to deliver offshore wind energy at scale.

Ensure the security of JNBP’s Information Technology and that the security meets the expectations of both regulators and shareholders.

• Evaluate, design and ensure enforcement of the information security policies that align with business needs and regulatory requirements such as ISO 27001, NIST, GDPR, and relevant local regulations
• Assure the organisation’s information security management system (ISMS) is managed, extend the ISMS across the group, and drive continuous improvement to meet accreditation standards (e.g., ISO 27001:2022)
• Drive the integration of security controls into business operations and digital solutions in collaboration with Digital, O&M, legal and audit
• Oversee and support incident response planning and investigations, including coordination with legal and disciplinary processes when necessary
• Oversee that regular risk assessments and audits are conducted to identify vulnerabilities and implement mitigation strategies
• Monitor emerging threats and regulatory changes, steering to updating policies and controls accordingly
• Guarantee information security documentation and evidence is maintained as required for external audits and certification processes
• Lead compliance initiatives to ensure adherence to legal, statutory, regulatory, and contractual obligations related to information security
• Promote and where necessary lead security awareness and training across the organisation to ensure all employees understand and comply with security policies
• Ensure and consolidate reporting of incident security incidents and audits as required by leadership, shareholders and regulators.

• Professional certifications such as CISSP (Certified Information Systems Security Professional)
• In-depth understanding of information security frameworks (e.g., ISO/IEC 27001, NIST)
• Strong grasp of risk management principles and practices
• Proficiency in security technologies, particularly the Microsoft suite, and zero trust security architecture.
• Familiarity with data privacy laws and regulations (e.g., GDPR)
• Experience with incident response, disaster recovery, and business continuity planning
• Ability to conduct security audits, and vulnerability assessments
• Minimum 5 years of experience in information security
• Proven track record of developing and implementing security policies and procedures

• A collaborative and inclusive work culture, with space for team-building and social activities
• Flexible working hours and the opportunity to work from home, with regular in-person connection
• Opportunities for career growth and professional development in a fast-growing international company.

JERA Nex bp is a purpose-built offshore wind company committed to unlocking the power of offshore wind by developing high-quality, competitive projects.

A 50:50 joint venture between JERA Co. and bp, JERA Nex bp is an end-to-end developer, owner and operator with more than fifteen years of experience in operating offshore wind projects.

Headquartered in London, with offices across Europe, Asia, US and Australia, JERA Nex bp has a portfolio of operational and development projects across nine countries, and draws on a rich heritage of pioneering offshore wind in Asia Pacific and the North Sea.