Risk and Assurance Analyst in Glasgow

Our client Scottish Power are currently recruiting for a Risk and Assurance Analyst to join their team based in Glasgow on a contract basis initially. Ideally for this role they are looking for an experienced Risk and Assurance Analyst with a relevant background.

The role will be responsible for working across key areas within SPEN to support the implementation of the Operational Risk Framework, and oversee risk assessment activities. The role will support the Senior Risk and Governance Manager in all aspects of OT risk management and governance, part of the wider Cyber Risk function. This role will also provide a support role in SPEN's ambitious security transformation programme to transparently reduce risk, achieve compliance with NIS regulations and deliver a cyber resilient business.

• Collaborate with control owners to validate effectiveness of security controls and ensure testability.
• Oversight of the risk reports written by the responsible risk owners.
• Provide support and guidance to risk owners on identifying risks and to ensure that appropriate controls are implemented to mitigate the risk in line with risk tolerance.
• Identifying gaps in action planning and highlighting areas of improvement to ensure risks are adequately managed within the risk tolerance of SPEN risk appetite.
• Deliver training and awareness portfolio for internal and external stakeholders.
• Carrying out independent reporting of organisational risk to senior management and relevant governance forums.
• Facilitating reporting of the effectiveness of security controls and processes through Key Performance Indicators (KPIs), Key Risk Indicators (KRIs) and Key Control Indicators (KCIs).

Work within established security and risk management governance structures, usually under supervision to support, review and undertake risk management activities such as:

• Provide a support role as part of the regular NIS Cyber Assessment framework (CAF) compliance and regular reporting requirements.
• Support the Senior Risk and Governance Manager on all risk and compliance activities.
• Support the Senior Risk and Governance Manager to work collaboratively with the Regulator and the associated professional bodies to ensure the security strategies and plans are understood and in line with regulatory requirements.
• Helping with the analysis and derivation of business-supporting security needs.
• Provide advice to address identified Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate.

Technical Skills:

• Obtained or working towards relevant industry cyber security qualifications (e.g. GICSP, CISSP, CISM).
• Experience of developing Cyber Security Risk Management and Governance in an organisation of similar scope and scale to ScottishPower.
• Knowledge in cyber security frameworks and standards. An understanding of cyber security regulations as they apply to a UK energy supplier would be preferred.
• Knowledge in developing and delivering cyber risk assurance programmes.
• Experience of risk assessing cyber security risks and articulating these so that these can be understood at all levels of the organisation.
• Aware of key legislation and regulation impacting the delivery of IT and OT Cyber Security in an energy utility.
• Experienced in developing and communicating Cyber Security Risks.

Personal Skills/Abilities:

• Excellent communication skills.
• Developing and coaching team members.
• Experience of team productivity control.
• Ability to build effective relationships with key stakeholders, with a global perspective multi-cultural understanding and approach.
• Ability to adapt quickly to change.
• High integrity and emotional maturity.

Planning & Organising

• Planning and supporting the delivery of the ongoing SPEN cyber security transformation programme.
• Defining, delivering and reporting remediation plans for internal/external audit and regulatory non-compliance issues.

Internal and External Relationships

• Reports to Senior Cyber Risk & Governance Manager.

Special Requirements (not mandatory)

• Post holder must have the credibility associated with operating at a senior level and have demonstrable experience of influencing at Director Level.
• The role operates as part of a global team and periodic travel to Spain and other company locations may be required.

Minimum Criteria (mandatory)

• 3-5 years in similar work, preference for having worked in industrial sectors (energy or otherwise).
• Experience of developing Cyber Security Risk Management and Governance in an organisation, preferably of similar scope and scale to ScottishPower.
• Knowledge in cyber security frameworks and standards as well as an understanding of cyber security regulations as they apply to a UK energy supplier.
• Record of academic achievement, including some form of recognised qualification from further education, such as a degree or diploma.
• Good oral and written communication skills.
• Numerate and able to deal with finances for the purposes of managing budgets or contracts with suppliers.
• Willingness to travel internationally on business.
• Driving licence.
• Must be a proven team player to work, promote and consolidate efficient team working relationships.