At a Glance
- Tasks: Lead governance, risk, and compliance for NESO's security function in a critical national infrastructure.
- Company: Join NESO, a key player in the UK's national security landscape.
- Benefits: Competitive salary, bonus potential, private medical insurance, and generous leave.
- Other info: Hybrid working options available; must have right to work in the UK.
- Why this job: Shape the future of security governance while driving impactful change in technology.
- Qualifications: Extensive experience in cyber security governance and risk management required.
About the Role
The Head of Governance, Risk & Compliance is a senior leadership role within NESO’s Security function, reporting directly to the Chief Information Security Officer. The role is responsible for developing, implementing and continually enhancing NESO’s security governance framework, threat‑led cyber risk management framework and assurance strategy across one of the UK’s most critical national infrastructure organisations.
The successful candidate will embed a proactive risk culture, strengthen regulatory confidence and ensure security is integrated into NESO’s digital, operational and business transformation agenda. This role requires a National Security Vetting clearance (SC). Applicants who do not currently meet the residency requirement may still express interest. The role is based in Wokingham or Warwick, with hybrid working options.
Key Accountabilities
Governance & Strategy
- Lead the development and continual evolution of NESO’s Security Governance Framework, ensuring alignment with organisational strategy, risk appetite and regulatory obligations.
- Develop and maintain security policies, standards, control frameworks and governance processes across cyber, technology and operational environments.
- Act as a strategic advisor to the CISO on governance, risk and assurance matters.
Threat‑Led Risk Management
- Develop and operate NESO’s enterprise cyber risk management framework, aligned to NIS Regulations, CAF, ISO27001 and enterprise risk management processes.
- Drive a threat‑informed approach to risk identification, assessment, prioritisation and treatment.
- Establish clear risk ownership and accountability across the organisation.
- Lead development of Board and Executive Committee cyber risk reporting.
- Provide independent challenge and assurance to major technology and business programmes.
Compliance & Assurance
- Develop and implement a comprehensive cyber assurance strategy covering technology, operational environments, third parties and critical suppliers.
- Lead NESO’s compliance activities relating to NIS Regulations, CAF, ISO27001 and other regulatory obligations.
- Manage relationships with regulators, auditors and external assurance providers.
- Establish metrics and reporting that provide meaningful insight into control effectiveness and organisational resilience.
Secure by Design & Transformation
- Ensure governance, risk and assurance activities support NESO’s digital, data, AI and technology transformation agenda.
- Embed secure‑by‑design and risk‑based decision‑making into technology delivery, cloud adoption and DevSecOps practices.
- Provide strategic oversight and challenge to major change programmes.
- Provide governance, risk and assurance oversight for emerging technologies, including AI, ensuring their adoption aligns with NESO’s risk appetite, regulatory obligations and security requirements.
Leadership & Culture
- Lead and develop a high‑performing Governance, Risk & Compliance function.
- Foster a proactive security culture that promotes accountability, transparency and continuous improvement.
- Build strong relationships across operational, technology and business teams to drive shared ownership of risk.
Applicants must have the right to work in the UK by the start of employment. Visa sponsorship may not be available for this role.
About You
You are a strategic security leader with the ability to operate at both executive and technical levels. You combine strong governance and risk leadership capabilities with sufficient technical credibility to challenge technology decisions, understand emerging threats and influence security outcomes across complex environments.
Essential
- Significant experience leading Cyber Security Governance, Risk and Compliance functions within critical national infrastructure, highly regulated or complex operational environments.
- Demonstrable experience designing and implementing enterprise security governance and threat‑led risk management frameworks.
- Proven track record leading NIS Regulations and CAF compliance programmes.
- Experience providing cyber risk reporting and strategic advice to Boards, Executive Committees and regulators.
- Experience operating within digital transformation, cloud, data, AI and DevSecOps environments.
- Experience leading assurance activities across technology and third‑party ecosystems.
- Strong understanding of modern cyber threats, threat intelligence and risk management methodologies.
- Experience building and leading high‑performing teams.
Desirable
- Energy sector experience.
- Experience working closely with NCSC, Ofgem or other regulatory bodies.
- Holding CISSP, CISM, CRISC, ISO27001 Lead Implementer/Auditor or equivalent.
- Experience developing governance, risk management and assurance approaches for emerging technologies, including AI, Generative AI and advanced analytics, with understanding of associated security, ethical and regulatory considerations.
What You’ll Get
- Competitive salary of £85,000 – £100,000, dependent on experience and capability.
- Benefits allowance, bonus up to 20% of salary for stretch performance, private medical insurance and 28 days annual leave.
- Competitive contributory pension scheme with company match up to 12% of contribution.
- Flexible benefits programme including:
- Flexible Bank Holidays & Holiday Trading
- Additional Birthday Day Off
- Cycle to Work Scheme, Retail & Gym Discounts
- Critical Illness Insurance & Personal Accident Insurance
NESO is an equal opportunity employer. We are committed to building a workforce that represents the communities we serve and to creating an environment in which every individual feels valued, respected, fairly treated and able to reach their full potential.
Head of Governance Risk and Compliance employer: National Energy System Operator Limited
Join a forward-thinking organisation dedicated to enhancing the UK's energy system resilience. With a strong emphasis on employee growth, we offer competitive salaries, flexible working arrangements, and a supportive work culture that values collaboration and innovation. Our locations in Wokingham, Warwick, and Glasgow provide unique opportunities for professional development while contributing to meaningful projects that impact the energy landscape.
Contact Details:
National Energy System Operator Limited Recruitment Team
StudySmarter Expert Advice🤫
We think this is how you could land Head of Governance Risk and Compliance
✨Join Compliance Communities
Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!
✨Attend Industry Conferences
Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.
✨Leverage Your University Career Services
If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.
✨Showcase Your Knowledge Online
Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like National Energy System Operator Limited looking for candidates who are engaged and informed.
We think you need these skills to ace Head of Governance Risk and Compliance
Some tips for your application 🫡
Show Your Understanding of Compliance:In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!
Quantify Your Achievements:When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.
Tailor Your CV to Reflect Relevant Skills:Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!
Craft a Motivating Cover Letter:In your cover letter, let us know why you’re excited about the compliance-risk role at National Energy System Operator Limited. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!
How to prepare for a job interview at National Energy System Operator Limited
✨Master the Regulations
Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!
✨Show Your Analytical Skills
Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. We've got to demonstrate how we approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!
✨Know Your Tools
Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!
✨Align with Company Culture
Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with National Energy System Operator Limited’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!