Security Governance Risk and Assurance Manager

About the DCC:\\n\\nAt the DCC, we believe in making Britain more connected, so we can all lead smarter, greener lives. That desire to make a difference is what drives us every day and it wouldn’t be possible without our people. Each person at the DCC brings a special kind of power to the business, and if you join us, we’ll give you the means to unleash yours.

Here, we depend on each other and hold each other accountable. You have the power to challenge and make change, to take the initiative and enjoy real responsibility. Whether it’s doing purposeful work, helping us grow or building the career you want – we’ll give you the support to do it all.

Our secure network for smart meters is transforming Britain’s energy system and helping the country’s fight against climate change: we want you to be part of our journey.\\n\\nThe role:\\n\\nThe Information Security Assurance Manager is a hands-on, multi-disciplinary role combining project assurance, governance, risk management, and compliance. You will work across business units, projects, and suppliers to ensure security is embedded in everything we do—from design to delivery. You will also support the development and maintenance of our Information Security Management System (ISMS), lead internal audits, and provide expert guidance on risk mitigation and regulatory compliance.\\n\\nKey Responsibilities:\\n\\nSecurity Assurance & Project Engagement\\n\\nProvide end-to-end security assurance across the Licence Renewal programme \\nAttend programme meetings to represent Information Security and provide expert guidance.\\nReview technical documentation (e.g., designs, network diagrams, data flows) to ensure alignment with security policies and architecture.\\nConduct Information Security Impact Assessments and Data Protection Impact Assessments.\\nSupport penetration testing and vulnerability assessments, tracking remediation to closure or handover to BAU.\\nTranslate technical risks into business language for stakeholders.\\nMaintain alignment with ISO27001 and other frameworks (e.g., NIST).\\nAdvise on compliance for staff, suppliers, and services.\\nSupport procurement activities with security assessments and contract reviews.\\n\\nSkills & Experience – Essential\\n\\nStrong experience in Information Security across complex environments (e.g., outsourced, telecoms, energy).\\nSolid grasp of risk management methodologies (ISO27005, ISO31000).\\nExcellent communication skills—able to engage with technical and non-technical stakeholders.\\nAbility to work independently and collaboratively in a fast-paced environment.\\n\\nSkills & Experience – Desirable\\n\\nRecognised certifications: CISSP, CISM, CISA, CEH.\\nISO27001 Lead Auditor / Implementer certification.\\nKnowledge of NIST Cybersecurity Framework and PKI.\\nUnderstanding of large public sector programmes.\\nEligible for HMG SC clearance.\\n\\nPersonal Attributes\\n\\nAnalytical and detail-oriented with a proactive mindset.\\nStrong stakeholder engagement and influencing skills.\\nAble to prioritise effectively and remain calm under pressure.\\nCommitted to continuous improvement and professional development.\\n\\nCompany benefits:\\n\\nThe DCC’s continued success depends on our people.

It’s important to us that you enjoy coming to work, and feel healthy, happy and rewarded. In this role, you’ll have access to a range of benefits which you can choose from to create a personalized plan unique to your lifestyle.\\n\\nIf there are any questions you’d like to ask before applying, please contact [recruiter name, email address] or complete your application, so we can learn more about you. Your application will be carefully considered, and you’ll hear from us regarding its progress.\\n\\nJoin the DCC and discover the power of you