Cyber Risk & Assurance Leader – Hybrid UK in Glasgow

We are seeking a dynamic Cyber Risk Lead, to lead and manage our cyber security initiatives. This role involves planning, directing, and controlling cyber security business operations, while working alongside a team of dedicated security professionals.

The successful candidate will lead and manage cyber security initiatives and operational staff, oversee resource utilization, and initiate corrective actions for the cyber security function. They will collaborate on various cyber security functions, including third-party management, data management (Data Loss Prevention), control assurance, response & recovery, and training & awareness programs. Additionally, they will contribute to the global cyber security function, enhancing our cyber security posture and protecting systems and data against threats. The role also involves supporting the cyber security function to reduce risk, achieve compliance with industry standards, and ensure business resilience.

The role requires identifying, assessing, quantifying, reporting, communicating, mitigating, and monitoring incidents. Ensuring compliance with policies, processes, and procedures, and driving process improvements is essential. The candidate will revise and develop processes to strengthen the cyber security posture, review third-party supplier arrangements, and address security challenges. They will manage data and risk activities, maintaining assurance frameworks for control effectiveness, and integrate and optimize security services and platforms.

The Lead will support regulatory and industry compliance standards and risk reporting. They will collaborate with international companies within the Iberdrola Group (e.g., Scottish Power, Corporate IT, Iberdrola Cyber Fusion Centre) and external clients providing cyber services. Promoting good cyber security practices and supporting business activities across the organization is also a key aspect of the role.

The ideal candidate will have proven experience in managing cyber security, with or working towards certifications like CISSP, CISM, BCS ISMP, or equivalent. Experience in managing cyber security in IT environments with internal and external service provision, especially in continuous monitoring and incident response, is crucial. Knowledge of ISO/IEC 27001/27002 and ISMS creation/maintenance is advantageous. Familiarity with security platforms such as SIEM/SOAR, XDR, and Vulnerability Management is also beneficial. Experience in the energy utilities sector, particularly in electricity distribution and transmission, is a plus.

As well as a competitive salary which is reviewed annually, you can also enjoy a number of other benefits. With our pension scheme, we’ll double match your contribution up to a company contribution of 10%. At ScottishPower, we believe it’s the little things we do in life that make a big difference. From helping you look after your family’s wellbeing, save for your future and take personal steps for climate action – our benefits are designed to help you do just that - so that you have everything you need to take care of your world – today and tomorrow.

• 36 days annual leave
• Holiday purchase – perfect your work/life balance with extra annual leave
• Share Incentive Plan and Sharesave Scheme
• Payroll giving and charity matched funding
• Technology Vouchers – save more and spread the cost of your technology purchases
• Count us in – pledge to reduce carbon emissions and help fight climate change
• Electric Vehicle Schemes – to help you transition to green/clean driving
• Cycle to Work scheme and public transport season ticket loans
• Options to purchase dental insurance, private medical insurance, health cash plan and annual health assessments
• Life Assurance (4x salary)
• Access to ‘nudge’ financial wellbeing support
• Plus shopping, leisure, restaurant and gym discounts, and unique employee deals on travel insurance and more

ScottishPower is part of the Iberdrola Group, one of the world’s largest integrated utility companies and a world leader in wind energy. With a commitment to generate all of our energy from renewable resources and a drive to create the energy infrastructure of the future, we’re at the forefront of the journey to Net Zero and investing over £6m every working day to make this happen. With diverse opportunities across our businesses and a commitment to invest in our own internal talent, ScottishPower can offer people real career opportunities that meet personal and professional goals in a global organisation.

Inclusion, diversity, and a social purpose are at the heart of everything we do. Together with our values, they bring us together into a stronger, more sustainable business with direct links to the communities we serve. It takes all kinds of people to build a large-scale business like ours, so whatever your background, you’ll fit right in.

ScottishPower is committed to providing reasonable support or adjustments in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions, or who are neurodivergent or require pregnancy-related support.