Security Risk and Compliance Analyst - ESO

Wokingham, GB, RG41 5BN

National Grid

We are one of the world’s largest investor-owned energy companies, committed to delivering electricity and gas safely, reliably and efficiently to the customers and communities we serve.


About the Role

Great Britain's electricity system is undergoing an ambitious, exciting and vital transformation. Together with industry, we are creating a cleaner, greener system, one that protects the planet and serves generations to come.


As we grow the security team here at ESO, we are now looking for skilled IT & Security Risk and Compliance Analysts. In this role, you will join a rapidly expanding & high-functioning team and will help build and implement a comprehensive technology risk and compliance approach. 


You will provide input, guidance and support to enable the effective identification, assessment, treatment, mitigation planning, monitoring and reporting of Security and IT risk and compliance across the organisation.


This role can be based from Wokingham or Warwick, and we continue to offer hybrid working from office and home.

About us

At National Grid ESO, our mission is to meet the challenges of the future and deliver cleaner, affordable electricity. We constantly strive to do this better by using technology and innovation to transform the way we work.


Becoming the National Energy System Operator
In 2024, the ESO will transition to becoming the National Energy System Operator, or NESO for short. Previously denoted as the Future System Operator (or FSO), the new National Energy System Operator will be the independent body responsible for planning Great Britain’s electricity and gas networks and operating the electricity system. 


The ESO, including all of its existing roles, will be at the heart of the new National Energy System Operator. As NESO, we will build significantly on our existing roles, capabilities and ways of working to create the organisation that the energy system and its users need. Our new capabilities will enable us to look across vectors, including electricity, natural gas and hydrogen, and crucially to consider the trade-offs between them.


The organisation will be set up as a public corporation with its own Board of independent directors, with complete operational independence from government, the regulator and any and all commercial interests. As the ESO is today, NESO will be licensed and regulated by Ofgem through price control agreements and obligated to identify optimal solutions to system operation and planning in the most sustainable, affordable and secure way for all.


The time to deliver is now. As part of our team, you won’t just be touching the lives of almost everyone in Great Britain – you’ll be shaping the way we use and consume energy for generations to come.

Key Accountabilities

  • Support the development, implementation and maintenance of ESO’s comprehensive technology risk management framework, policies, standards and procedures to continuously monitor risks throughout the organisation. 
  • Conduct security analysis, including IT vulnerability and risk assessments, risk control evaluation, and security requirements identification and verification.
  • Support the risk assessment program and methodology to identify and provide oversight of technology risk impacting the business and ensure that it is assessed, quantified, communicated, and managed, including recommendations for resolution, and identifying the root cause/key themes.
  • Monitor the effectiveness of risk mitigation strategies and make adjustments as necessary. 
  • Work closely with the threat intelligence team, monitor and analyse emerging threats and trends to proactively identify and adjust security risks and feed into the development of appropriate controls. 
  • Analyse risk data and trends to identify areas for improvement and inform decision-making processes. 
  • Work with the Security Governance team to ensure that policies and standards address and maintain relevant risk and compliance requirements and that reporting is aligned to the organisation's requirements.
  • Work with the business to establish and maintain excellent relationships which support understanding and adherence to technology compliance requirements. 
  • Provide guidance to project teams and departments on risk management best practices, championing a commercial & customer centric approach to managing risk and a pro-active compliance culture across ESO.
  • Work with the Compliance Officer to ensure compliance with the security aspects of applicable laws, regulations and industry standards, including but not limited to NIS (UK), Data Protection, NIST, ISO27001, Cloud Security Alliance, SOX and ITGC.
  • Support inspections and audits; identification, maintenance and provision of compliance evidence and reporting internally/externally. Support 2nd and 3rd line Assurance activities where required. 
  • Incorporate vendor security risks into the overall technology risk framework, compliance and reporting requirements. 
  • Provide data, analysis, recommendations – presented appropriately to support regular and ad hoc reporting at all levels from operational, management through to Board. 
  • Contribute to the successful execution of the security strategy, owning the delivery of risk and compliance aspects.

About You

  • A proven information security professional with a compliance and risk management background, with strong knowledge of security and IT Frameworks, standards and best practices e.g. ISO27001 & 27002/27005/31000, NIST, COBIT, ITIL etc.
  • Experience of implementing risk management frameworks and using risk management and GRC tools.
  • Demonstrable stakeholder management expertise, fostering positive behaviours and leading to successful engagement in risk and compliance activities.
  • Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
  • Proficient in conducting risk assessments, audits, and security testing, with excellent analytical and problem-solving skills.
  • Ability to manage multiple priorities and projects in a fast-paced environment.
  • Attention to detail and a drive to ensure risk is managed appropriately throughout the asset lifecycle, with data and information recorded accurately and kept up to date.
  • The ability to articulate, present and discuss the impact of technical and non-technical risks in the context of the organisation.
  • Previous security risk/compliance experience in critical national infrastructure or a similar sector, dealing with the NIS Regulations and the Data Protection Act, would be beneficial.

What You'll Get

A competitive salary between £53,000 and £63,000, dependent on experience and capability.


As well as your base salary, you will receive a bonus based on company performance, 26 days annual leave as standard and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. 


You will also have access to a comprehensive benefits package tailored to support your well-being and professional success. From a competitive salary to flexible work arrangements, we promote your work-life balance. Enjoy fit for purpose wellbeing and lifestyle offerings, ongoing skill development aligned to our Purpose and Values, and be part of a supportive community that values your individuality and where you can belong.

More Information

This role closes on 14/07/2024 at 23:59, however we encourage candidates to submit their application as early as possible and not wait until the published closing date as this can vary.


We work towards the highest standards in everything we do, including how we support, value and develop our people. Our aim is to encourage and support employees to thrive and be the best they can be. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds, and offer flexible and tailored support, at home and in the office. 


We're committed to building a workforce that represents the communities we serve, and a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential.
