Senior Cyber Assurance Lead

 
  • SSE Plc
  • United Kingdom, ENG
  • May 10, 2022
Technology Full Time - Continuing

Job Description:

SSE has an ambitious strategy to be a leading energy company in a low carbon world. Our success hinges on the delivery of some pretty impressive projects across our low-carbon portfolio, and critical to their delivery will be the provision of sound assurance for the most pressing technology, digital and cyber risks.

We’re excited to be developing a new Group Technology Risk & Analytics function and are seeking an experienced Senior Cyber Assurance Lead to join our team to support the business and group technology function in assuring and consulting over the Group's cyber security position.

About the Role

Base Location: Perth, Glasgow or Reading (preferred). Other locations will be considered, however there will be a requirement for you to travel to one of our key sites c4-10 days per month on average.

Salary:£Competitive + car allowance + performance-related bonus + a range of other benefits to support your family, finances and wellbeing.

Working Pattern: Permanent | Full Time | Flexible First options available

This role would suit an experienced cyber security professional, who can work collaboratively yet objectively with senior stakeholder across the Group, Business Units and Corporate functions (particularly IT and Cyber Risk Teams) to develop an informed understanding of the cyber risk profile and strategic technology-enabled or dependent changes across the Group.

In addition to the above, your main responsibilities will include:-

- Scoping, auditing and reporting on a cyber security programme of assurance covering areas such as Ransomware readiness, Recover & Response capability, Zero Trust strategy review, Identity & Access Management, Vulnerability Management, Threat Intelligence capability, Cyber Risk in M&A, supplier risk and resilience and other ad hoc related areas.

- Provision of robust and pragmatic assurance advice that recognises business risk and impact, as well as the level of current cyber security maturity, supporting the business and programme teams to implement recommendations and improvements with clearly defined outcomes and timeframes.

- As required support change initiatives to increase the technology enablement of the Risk & Audit function. This may including using data analytics in audits, leveraging data visualisations for audit & risk reporting and active engagement in wider programmes for increasing cyber security capabilities.

- Proactively collaborate with colleagues internally within the Risk & Audit team, cross-functionally across the Group and with key partners, auditors and regulators as required.

What do I need?

Essential to this role will be your expert level knowledge and a genuine passion for IT and cyber security, which will likely be coupled with a recognised industry qualification such as CISSP, CISA, CISM, CCSP.

To be considered for this role, we would like you to have:-

- Robust understanding of risk-based assurance processes and risk management frameworks, ICT control frameworks and standards, automated application controls, operating system controls, networks, databases and general IT controls. Your experience should include demonstrable experience with security frameworks and best practices (NIST 800-53, ISO27001, GDPR, CIS and NIS, etc)

- Ability to engage effectively with stakeholders. You must be a clear and concise communicator (both written and verbally) with the ability to influence and explain technical and / or complex issues clearly in appropriate detail and business context at all levels within the organisation. You will be well organised, flexible, and have an ability to deliver within agreed timescales.

- A good understanding and experience of cloud security (e.g. with Azure, AWS, Google Cloud) and Active Directory, Microsoft Windows, Linux, Firewall security and network routing.

- Strong business acumen and continual improvement mindset with a clear focus on producing high quality work, and outcomes that truly add value to the business.

- Flexible approach to work, strong team working skills and a willingness to travel throughout the UK and Ireland as required

About our Business

SSE's Audit, Risk and Assurance teams are responsible for supporting the SSE Group in meeting their risk management responsibilities, ensuring that we meet our obligations under the UK Corporate Governance Code. We undertake assurance reviews right across the business to help identify any risks that may impact our performance, integrity, solvency or liquidity, and offer appropriate recommendations to help mitigate these.

What's in it for you?

An excellent package with 34 days holiday entitlement, enhanced maternity/paternity leave, discounted healthcare, salary sacrifice car leasing and much more, view our full benefits package on our careers site.

As an equal opportunity employer we encourage diversity and are committed to creating an inclusive environment for all employees. We actively encourage applicants from all protected characteristics and commit to providing any reasonable adjustments required during the application, assessment and upon joining SSE. Search for 'Inclusion & Diversity at SSE' to find out more.

Next Steps

All applications should be submitted online, and I'll be back in touch after the vacancy closing date to let you know the outcome.

If you would like to discuss any working differently requirements or adjustments you may require throughout the recruitment and selection process, please contact Jenna.Jackson@sse.com / 01738 341390.

Before commencing employment with SSE, you'll be required to fully complete our pre-employment screening process consisting of a basic criminal records and credit check.

#LI-JJ1

#LI-Hybrid