Cyber Governance, Risk & Assurance Lead

Cyber Governance, Risk & Assurance Lead

ScottishPower HQ, Glasgow - hybrid working

Salary: £46-57K (plus up to 10% bonus)

Permanent, Full Time

Help us create a better future, quicker

We are seeking a dynamic Cyber Governance, Risk & Assurance Lead to lead and manage our cyber security initiatives. This role involves planning, directing, and controlling cyber security business operations, while working alongside a team of dedicated security professionals.

What you'll be doing

1. Lead and manage cyber security initiatives and operational staff.
2. Oversee resource utilization and initiate corrective actions for the cyber security function.
3. Collaborate on various cyber security functions, including third-party management, data management (Data Loss Prevention), control assurance, response & recovery, and training & awareness programs.
4. Contribute to the global cyber security function, enhancing our cyber security posture and protecting systems and data against threats.
5. Support the cyber security function to reduce risk, achieve compliance with industry standards, and ensure business resilience.
6. Identify, assess, quantify, report, communicate, mitigate, and monitor incidents.
7. Ensure compliance with policies, processes, and procedures, and drive process improvements.
8. Revise and develop processes to strengthen the cyber security posture.
9. Review third-party supplier arrangements and address security challenges.
10. Manage data and risk activities, maintaining assurance frameworks for control effectiveness.
11. Integrate and optimize security services and platforms.
12. Support regulatory and industry compliance standards and risk reporting.
13. Collaborate with international companies within the Iberdrola Group and external clients providing cyber services.
14. Promote good cyber security practices and support business activities across the organization.

What you'll bring

The ideal candidate will have proven experience in managing cyber security, with or working towards certifications like CISSP, CISM, BCS ISMP, or equivalent. Experience in managing cyber security in IT environments with internal and external service provision, especially in continuous monitoring and incident response, is crucial. Knowledge of ISO/IEC 27001/27002 and ISMS creation/maintenance is advantageous. Familiarity with security platforms such as SIEM/SOAR, XDR, and Vulnerability Management is also beneficial. Experience in the energy utilities sector, particularly in electricity distribution and transmission, is a plus.

What's in it for you

As well as a competitive salary which is reviewed annually, you can also enjoy a number of other benefits. With our pension scheme, we'll double match your contribution up to a company contribution of 10%.

At ScottishPower, we believe it's the little things we do in life that make a big difference. Our benefits are designed to help you take care of your world - today and tomorrow. That's why our benefits include:

• 36 days annual leave
• Holiday purchase for extra annual leave
• Share Incentive Plan and Sharesave Scheme
• Payroll giving and charity matched funding
• Technology Vouchers
• Count us in - pledge to reduce carbon emissions
• Electric Vehicle Schemes
• Cycle to Work scheme and public transport season ticket loans
• Options to purchase dental insurance, private medical insurance, health cash plan and annual health assessments
• Life Assurance (4x salary)
• Access to financial wellbeing support
• Plus discounts on shopping, leisure, restaurants, and gyms

Why ScottishPower

ScottishPower is part of the Iberdrola Group, one of the world's largest integrated utility companies and a world leader in wind energy. With a commitment to generate all of our energy from renewable resources and a drive to create the energy infrastructure of the future, we're at the forefront of the journey to Net Zero. Inclusion, diversity, and a social purpose are at the heart of everything we do.

ScottishPower is committed to providing reasonable support or adjustments in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions, or who are neurodivergent or require pregnancy-related support.