Security Risk and Compliance Manager - ESO

Wokingham, GB, RG41 5BN

National Grid

We are one of the world’s largest investor-owned energy companies, committed to delivering electricity and gas safely, reliably and efficiently to the customers and communities we serve.


About the Role

The UK has set out its ambition to be net zero by 2050 and the energy industry is responding – together we are building a cleaner, greener Britain.


As we grow the security team here at ESO, we are now looking for a skilled Security Risk and Compliance Manager. In this role, you will join a rapidly expanding & high-functioning team and will be expected to build and lead a comprehensive technology risk and compliance function. You will provide guidance and consultative engagement across the organisation, promoting and embedding a proactive culture to risk and compliance.


This role can be based from Wokingham or Warwick, and we continue to offer hybrid working from office and home.

About us

As Great Britain’s electricity system operator (ESO), we sit at the heart of the electricity system, using our outstanding engineering and commercial expertise to balance electricity supply and demand. Ultimately, we keep the electricity flowing directly to where it’s needed, second by second.


Becoming the Future System Operator
In 2021, government and Ofgem jointly consulted on proposals for an expert, impartial Future System Operator (FSO) with responsibilities across both the electricity and gas systems, to drive progress towards net zero while maintaining energy security and minimising costs for consumers. In October 2023, the Energy Act 2023 was passed, legislating for this Future System Operator to be created.  


The ESO, including all of its existing roles, will be at the heart of the new Future System Operator. We will be taking on additional roles across vectors and sectors to create an organisation with a whole energy system mindset; enabling us to identify solutions to our energy system that are more sustainable, secure, and affordable for all.  


The FSO will be set up as a public corporation with operational independence from government – bringing parties together to support optimised decision making and action. As now, it will be licenced and regulated by Ofgem through price control agreements. It is anticipated that the new organisation will be up and running in 2024.


The time to act on climate change is now. As part of our team, you won’t just be touching the lives of almost everyone in Great Britain – you’ll be shaping the way we use and consume energy for generations to come.

Key Accountabilities

  • Develop, implement, and maintain a comprehensive technology risk management framework and strategies to continuously monitor risks throughout the organisation.
  • Working closely with the threat intelligence team, monitor and analyse emerging threats and trends to proactively identify and adjust security risks and appropriate controls.
  • Establish a risk assessment programme and methodology. Identify technology risk impacting the business so that it is quantified, communicated, and managed, including recommendations for resolution and identification of the root cause and key themes.
  • Monitor the effectiveness of risk mitigation strategies and make adjustments as necessary. Analyse risk data and trends to identify areas for improvement and inform decision-making processes.
  • Work with the Security Governance team to ensure that policies and standards address and maintain relevant risk and compliance requirements.
  • Build and maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment.
  • Establish an Assurance Framework, including comprehensive control testing, to oversee adherence to policies and standards impacting technology and cyber risks.
  • Provide guidance to project teams and departments on risk management best practices, championing a commercial and customer-centric approach to managing risk and a proactive compliance culture across ESO.
  • Ensure compliance with the security aspects of applicable laws, regulations, and industry standards, including but not limited to NIS (UK), Data Protection, NIST, ISO27001, Cloud Security Alliance and SOX.
  • Lead all aspects of technology compliance: working with the business to support understanding of and adherence to compliance requirements; leading and co-ordinating inspections and audits; and identifying, maintaining and providing compliance evidence and reporting internally and externally.
  • Own the management of vendor security risks across the supply lifecycle. Continue to mature third-party security risk management capabilities, ensuring third parties are adequately assessed and adhere to our standards.
  • Propose and ensure deployment of security measures to minimise third-party risk.
  • Develop, maintain and communicate management, executive and board-level reporting for Digital, Data and Technology risk and compliance.

About You

  • A proven information security professional with a compliance and risk management background, with experience of implementing ISO27001/27005/31000, NIST, COBIT, ITIL, etc.
  • Extensive experience of developing risk management frameworks and writing statutory risk reports for governance committees and groups.
  • Proven experience taking ownership of and maturing the security risk and compliance capability within an organisation.
  • Demonstrable stakeholder management expertise, fostering positive behaviours and leading to successful engagement in risk and compliance activities.
  • The ability to articulate, present and discuss the impact of technical and non-technical risks in the context of the organisation, to a wide-ranging audience.
  • Previous security risk/compliance experience in critical national infrastructure or a similar sector, dealing with the NIS Regulations and the Data Protection Act.
  • Degree-level qualification or an equivalent combination of education and experience, with a strong background in Risk and Compliance.
  • Professional security qualifications/certifications in appropriate areas are desirable.
  • An inclusive approach that creates belonging, builds trust and promotes innovation.

What You'll Get

A competitive salary between £65,000 – 80,000 – dependent on experience and capability.


As well as your base salary, you will receive a bonus of up to 15% of your salary for stretch performance, 28 days annual leave as standard, and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%.


You will also have access to a comprehensive benefits package tailored to support your well-being and professional success. From a competitive salary to flexible work arrangements, we promote your work-life balance. Enjoy fit for purpose wellbeing and lifestyle offerings, ongoing skill development aligned to our Purpose and Values, and be part of a supportive community that values your individuality and where you can belong.

More Information

This role closes on 19/04/2024 at 23:59. However, we encourage candidates to submit their application as early as possible and not wait until the published closing date, as this can vary.


We work towards the highest standards in everything we do, including how we support, value and develop our people. Our aim is to encourage and support employees to thrive and be the best they can be. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds, and offer flexible and tailored support, at home and in the office. 


We're committed to building a workforce that represents the communities we serve, and a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential.

#LI-BO1

#LI-HYBRID


Tags: Audits Cloud COBIT Compliance Governance ISO 27001 ITIL NIST Risk assessment Risk management RMF SOX Threat intelligence

Perks/benefits: Competitive pay Flex hours Home office stipend Salary bonus Team events

Region: Europe
Country: United Kingdom