Cyber Supply Chain Risk Lead in Glasgow

We’re seeking a Cyber Supply Chain Risk Lead to play a pivotal role in protecting and strengthening the security of a complex, global energy environment. This position focuses on identifying, assessing, and mitigating cyber risks across the supply chain, ensuring that third-party vendors, suppliers, and partners operate to the highest security standards. Working across both onshore and offshore operations, you will develop and lead robust processes that safeguard the integrity, confidentiality, and availability of critical systems and services.

As part of a forward-looking and ambitious global cybersecurity function, you will contribute to a clear purpose: delivering cyber-resilient OT and IT environments that support a safe and reliable electricity supply. This is a key role within an extensive transformation programme designed to reduce risk, enhance transparency, and achieve compliance with NIS regulations through to 2027, ultimately enabling a more secure and resilient business. You will take ownership of the cyber supply chain risk management lifecycle, embedding best practices and ensuring alignment with industry standards and regulatory requirements. Acting as a subject matter expert, you will advise on cybersecurity clauses within legal agreements, guide senior stakeholders on risk acceptance, and provide clear reporting and insight to governance forums. Close collaboration will be central to success, working alongside security functions such as threat intelligence, vulnerability management, architecture, and governance to deliver a cohesive and integrated approach to risk management. Externally, you will engage with suppliers, regulators, and industry partners, building trusted relationships while ensuring compliance with contractual and legal obligations. You will also lead post-incident reviews related to supply chain events, ensuring lessons learned are captured and continuously improving processes and controls.

The role requires a strong understanding of cyber governance and supply chain risk methodologies, supported by recognised frameworks such as NIST, ISO, ISA/IEC 62443, and broader security principles. Experience operating in regulated environments, ideally within energy or OT settings, will be highly valuable, as will the ability to translate complex technical risks into clear, actionable insight for a range of audiences. Beyond technical expertise, this role calls for strong communication, stakeholder management, and decision-making capabilities. You will influence and guide senior leaders, support and develop others in managing supply chain risk, and drive a culture of continuous improvement and accountability. A proactive mindset, high integrity, and a genuine passion for cybersecurity will be essential.

This is an opportunity to take on a visible and impactful role within a renewables energy environment, shaping how cyber risks are managed across an evolving supply chain landscape while contributing to the long-term resilience of the organisation.

As well as a competitive salary which is reviewed annually, you can also enjoy a number of other benefits. With our pension scheme, we’ll double match your contribution up to a company contribution of 10%. At ScottishPower, we believe it’s the little things we do in life that make a big difference. From helping you look after your family’s wellbeing, save for your future and take personal steps for climate action – our benefits are designed to help you do just that - so that you have everything you need to take care of your world – today and tomorrow.

• 36 days annual leave
• Holiday purchase – perfect your work/life balance with extra annual leave
• Share Incentive Plan and Sharesave Scheme
• Payroll giving and charity matched funding
• Technology Vouchers – save more and spread the cost of your technology purchases
• Count us in – pledge to reduce carbon emissions and help fight climate change
• Electric Vehicle Schemes – to help you transition to green/clean driving
• Cycle to Work scheme and public transport season ticket loans
• Options to purchase dental insurance, private medical insurance, health cash plan and annual health assessments
• Life Assurance (4x salary)
• Access to ‘nudge’ financial wellbeing support
• Plus shopping, leisure, restaurant and gym discounts, and unique employee deals on travel insurance and more

ScottishPower is part of the Iberdrola Group, one of the world’s largest integrated utility companies and a world leader in wind energy. With a commitment to generate all of our energy from renewable resources and a drive to create the energy infrastructure of the future, we’re at the forefront of the journey to Net Zero and investing over £6m every working day to make this happen. With diverse opportunities across our businesses and a commitment to invest in our own internal talent, ScottishPower can offer people real career opportunities that meet personal and professional goals, in a global organisation.

Inclusion, diversity, and a social purpose are at the heart of everything we do. Together with our values, they bring us together into a stronger, more sustainable business with direct links to the communities we serve. It takes all kinds of people to build a large-scale business like ours, so whatever your background, you’ll fit right in.

ScottishPower is committed to providing reasonable support or adjustments in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions, or who are neurodivergent or require pregnancy-related support. If you need support, please reach out to careers@scottishpower.com.