Governance, Risk & Compliance Analyst in Glasgow

Base Location: You will be expected to spend 50% of your working week in one of the following locations: Glasgow or Perth.

Salary: £35,200 - £52,800 + performance‑related bonus + a range of benefits to support your finances, wellbeing and family.

Working Pattern: Permanent | Full Time | Flexible First options available.

Role Overview: The Risk Management team within Transmission IT plays a vital role in the protection and continued operations of the wider SSEN Transmission organisation. It presents an opportunity to work in an extremely exciting area, responsible for the identification, management, and remediation of conventional technology risks within both IT enterprise environments and those within the Transmission Operational Technology (OT) network. We are looking for a Governance, Risk and Compliance Analyst to join the team. This role will report into the IT Risk Manager and will be involved across the whole end‑to‑end risk process.

Responsibilities:

• Provide operational risk management support by managing and maintaining the operational risk register, collaborating with subject matter experts, facilitating risk‑based decision‑making, and fostering a culture that prioritises risk awareness throughout the organisation.
• Lead on improving the SSEN Transmission Control Library and facilitate the timely completion of the Transmission Control Assessment programme, driving enhancements through an understanding of organisational standards, policies, and programmatic work.
• Enhance SSEN Transmission’s threat assessment and intelligence processes to better articulate the relationships between threat, risk, and control to ensure short‑ and long‑term safeguarding of the organisation.
• Aide SSEN Transmission as an Operator of Essential Services (OES) in attaining the Enhanced Cyber Assessment Framework (CAF) profile, delivering evidence of best security practices and driving actions that reinforce organisational resilience.
• Support SSNT’s alignment with the SSE Group Enterprise Risk Framework (EMR) across the 2nd and 3rd line activities, including the management and delivery of audit findings and preparation of regulatory compliance submissions.

Qualifications:

• Experience in risk/controls assessments and with operating risk registers or risk‑based tools and applications.
• Knowledge of security management frameworks would be beneficial; for example, ISO/IEC 27001/2 Standards, NIST Cybersecurity Framework, NCSC CAF, MITRE ATT&CK framework, IEC 62443, etc.
• The ability to work collaboratively across multiple disciplines and with a diverse group of colleagues ensuring collective accountability and individual responsibility for task ownership.
• Strong reporting, analytical and presentational skills across all levels of an organisation structure.
• Relevant university degree or certification (e.g., CompTIA Security+, CRISC, CISA, CISM) would be advantageous.

Benefits: Enjoy discounts on private healthcare and gym memberships. Wellbeing benefits like a free online GP and 24/7 counselling service. Interest‑free loans on tech and transport season tickets, or a new bike with our Cycle to Work scheme. As well as generous family entitlements such as maternity and adoption pay, and paternity leave.

Equal Opportunity: SSE will make any reasonable adjustments you need to ensure that your application and experience with us is positive. We are dedicated to fostering an open and inclusive workplace where people from all backgrounds can thrive. We create equal opportunities for everyone to succeed and especially welcome applications from those who may not be well represented in our workforce or industry.