At a Glance
- Tasks: Lead cyber risk management and governance, ensuring effective communication of strategies.
- Company: Join SP Energy Networks, a key player in renewable energy and Scotland's Net Zero goals.
- Benefits: Enjoy hybrid working, competitive salary, and a bonus of up to 10%.
- Why this job: Be part of a transformative journey in cyber security with a focus on social impact.
- Qualifications: Proven experience in Cyber Security with relevant industry qualifications required.
- Other info: We value diversity and support candidates with disabilities throughout the recruitment process.
The predicted salary is between £48,000 and £60,000 per year.
Location: Glasgow
Salary: £48-60K (plus up to 10% bonus)
Hybrid working, Permanent
Help us create a better future, quicker. Scottish Power Energy Networks (SPEN) is embarking on a Cyber Security Transformation Programme. We are looking for a Cyber Risk Lead to help implement and manage the Cyber Risk Methodology across SPEN, and ensure that Cyber Security Policies, Frameworks, Rules, and Methodologies are well-designed and effectively communicated within the Business.
What you’ll be doing:
- The Cyber Risk Lead will be crucial in managing and mitigating cyber risks within SPEN.
- Responsibilities include maintaining the risk register, performing detailed risk assessments, and developing risk treatment plans.
- The role supports the Head of Governance, Risk, and Assurance in OT risk management and governance, contributing to the broader Cyber Risk function.
- The role also involves driving SPEN's security transformation to reduce risk, achieve NIS compliance, and enhance cyber resilience.
- Additionally, the Cyber Risk Lead will develop and implement cyber governance frameworks aligned with regulatory standards and industry best practices.
- The role requires proactive risk identification, fostering security awareness, and ensuring effective communication of cyber risk strategies across the organization.
- Collaboration with stakeholders such as control owners, risk owners, and regulators is essential to maintain and improve SPEN’s cyber security posture.
What you’ll bring:
- Knowledge and experience of Cyber Security, evidenced by industry qualifications (e.g., GICSP, CISSP, CISM).
- Experience in developing and leading Cyber Security Risk Management and Governance in organizations of similar scope and scale, preferably with global security management experience.
- Knowledge of cyber security risk assessment processes.
- Experience in writing Cyber Policies.
- Awareness of key legislation and regulation affecting IT and OT Cyber Security in energy utilities.
- Ability to maintain and update the risk register accurately.
- Expertise in conducting comprehensive risk assessments.
- Skills in developing risk treatment plans aligned with risk tolerance.
- Proficiency in preparing risk reports for senior management and stakeholders.
- Experience leading or participating in cyber risk forums.
- Capability to support NIS compliance activities, including assessments and reporting.
- Proficiency in developing and implementing cyber governance frameworks.
Why SP Energy Networks:
Part of the Iberdrola Group, we are a leading utility company supporting renewable energy growth and Scotland’s Net Zero ambitions by 2044. We invest heavily in our transmission network, connecting wind farms and other infrastructure, and offer diverse career opportunities within a global organization. Our commitment to inclusion, diversity, and social purpose underpins our operations. We welcome candidates from all backgrounds and are dedicated to providing support during recruitment for those with disabilities or special needs.
Risk + Governance Lead employer: ScottishPower
Contact Details:
ScottishPower Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Risk + Governance Lead
✨Tip Number 1
Familiarise yourself with the latest trends and challenges in cyber security, especially within the energy sector. This knowledge will not only help you during interviews but also demonstrate your genuine interest in the role and the company.
✨Tip Number 2
Network with professionals in the cyber security field, particularly those who have experience in risk management and governance. Attend industry events or join relevant online forums to connect with potential colleagues and learn more about the specific challenges they face.
✨Tip Number 3
Prepare to discuss your previous experiences in developing and implementing cyber governance frameworks. Be ready to share specific examples of how you've successfully managed cyber risks and contributed to compliance efforts in past roles.
✨Tip Number 4
Research SP Energy Networks' current initiatives and projects related to cyber security transformation. Understanding their goals and challenges will allow you to tailor your discussions and show how your skills can directly contribute to their objectives.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in Cyber Security and Risk Management. Use keywords from the job description, such as 'Cyber Risk Methodology' and 'risk assessments', to demonstrate your fit for the role.
Craft a Compelling Cover Letter: Write a cover letter that specifically addresses how your skills and experiences align with the responsibilities of the Cyber Risk Lead position. Mention your knowledge of cyber security legislation and your ability to develop governance frameworks.
Showcase Relevant Qualifications: Include any industry qualifications you possess, such as GICSP, CISSP, or CISM, prominently in your application. This will help establish your credibility and expertise in Cyber Security.
Highlight Collaboration Skills: Emphasise your experience working with stakeholders, control owners, and regulators. Provide examples of how you've successfully communicated risk strategies and fostered security awareness within an organisation.
How to prepare for a job interview at ScottishPower
✨Showcase Your Cyber Security Knowledge
Make sure to highlight your understanding of cyber security principles and methodologies. Be prepared to discuss relevant industry qualifications like GICSP, CISSP, or CISM, and how they relate to the role.
✨Demonstrate Risk Management Experience
Prepare examples from your past roles where you successfully managed cyber risks. Discuss your experience with risk assessments, maintaining risk registers, and developing risk treatment plans to show your capability in this area.
✨Communicate Effectively
Since the role involves collaboration with various stakeholders, practice articulating your thoughts clearly. Be ready to explain complex cyber security concepts in a way that is understandable to non-technical audiences.
✨Align with SPEN's Values
Familiarise yourself with SPEN's commitment to renewable energy and diversity. During the interview, express how your personal values align with their mission and how you can contribute to their goals.