We are Centrica! We’re so much more than an energy company. We’re a family of brands revolutionising a cleaner, greener future. Working here is #MoreThanACareer - we’re powered by purpose. Together we can make an impact that will truly change tomorrow. Whether you’re developing cutting-edge green tech, helping customers on the front line or simplifying operations behind the scenes.
Your work here isn’t just a job – it’s a mission. We all play a vital role in energising a greener, fairer future.
An opportunity to play your part – As the successful candidate you will join the Centrica Centre of Excellence, focusing on Cyber and Information Security Risk management. Operating as the second line of defence within the Group IT function, Digital Technology Services (DTS), you will facilitate interactions between the team, DTS, and Centrica business units. Your collaborative efforts will ensure that Cyber and Information Security risks are identified and managed to protect Centrica’s customers, data, services, and systems.
You will support the Cyber and Information Security Risk Manager by performing analytical work on risk posture and risk appetite, providing insights to the Board of Directors about current threats and the wider threat landscape. Additionally, you will help manage the technology risk posture for the entire Centrica group. This role involves analysing existing risk mitigation strategies and cyber controls, communicating their effectiveness to the Manager, and suggesting improvements.
Location: UK, Windsor (talk to us about flexible working)
The day to day –
- Support the implementation of the Cyber and Information Security risk framework, ensuring timely assessment and management of security risks, including threat evaluations and mitigation measures.
- Ensure Cyber and Information Security risks are either treated or accepted in accordance with the risk appetite.
- Work with the IT teams to identify and assess Cyber and Information Security risks.
- Ensure services are assessed and classified based on their Confidentiality, Integrity, and Availability requirements.
- Ensure periodic risk assessments of key services, third parties, and regulatory commitments are performed, and remediation plans are monitored.
- Use the output of Cyber and Information Security risk assessments to identify control gaps and weaknesses and provide direction to strategy and change programs to improve control efficacy.
- Work with the business units to understand their key Information Security risks and agree on actions to mitigate or monitor and improve their controls.
- Prepare monthly and quarterly risk reports, including a quarterly IT Risk submission for business units, and collaborate with Group-level risk functions on Cyber and Information Security risk.
- Manage ad-hoc risk reporting requirements as required.
- Communicate risks and recommendations to senior leadership in non-technical terms, weighing cost against benefit, so that information systems remain appropriately secured.
- Assist Legal and Compliance teams, including Data Protection and Privacy, with Information Security risks.
- Stay informed about the external security environment and emerging trends to support Cyber and Information Security risk management.
- Collaborate to streamline and enhance risk management practices within the Group IT function (DTS) and Centrica business units.
About you –
- Demonstrated experience as a Cyber and Information Security analyst.
- In-depth knowledge of risk assessment methods for Cyber and Information Security.
- Proficiency in conducting risk and threat assessments according to industry standards, with expertise in compensating controls.
- Experience in modelling threat scenarios to identify Cyber Security threats from new or evolving systems and applications.
- Strong understanding of Cyber and Information Security technologies, including identity and access management, encryption, and multi-factor authentication.
- Familiarity with trends and emerging threats in the power utilities, retail energy, and oil & gas industries is advantageous but not essential.
- Ability to leverage external networks to stay informed about emerging Cyber and Information Security threats and events.
- Knowledge of internal and/or external regulatory policies, standards, procedures, and controls (e.g., NIST, ISO27xx, NIS 2, PCI DSS).
- Ideally, experience in a Cyber and Information Security risk function, or alternatively, experience in a 2nd or 3rd line role.
- Experience with OT/IoT and Cloud Cyber Security threats, controls, and risks is beneficial but not required.
- Highly analytical, with a methodical and structured approach and strong attention to detail.
- Effective communicator, capable of simplifying complex technical issues for all stakeholders.
- Ability to drive technical consensus and facilitate agreements with challenging stakeholders, fostering collaborative relations across Group and other lines of business.
- Possession of at least one relevant certification, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or a similar credential.
At Centrica we embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. To build a more sustainable future, we need the best team – a team with a diverse mix of people and skills, where everyone feels welcome and able to succeed. We are dedicated to helping close the diversity gap and would love to see more women, people of colour and LGBTQ+ employees, as well as people from a variety of cultures and ethnicities, veterans and the differently abled. Supporting diversity and inclusion is a big part of who we are: we are not looking for people to fit into our culture but to add to it!