Senior Cyber Security (GRC) Analyst in Crawley

This Senior Cyber Security Risk Specialist will report to the Cyber Security Governance, Risk & Compliance Manager and will work within the Information Systems directorate based in either our London or Crawley office. You will be a permanent employee.

You will attract a salary of up to £85,000.00 depending on experience, skills and qualifications and a bonus of 7.5%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote.

Job purpose: The Senior Cyber Security Risk Specialist will support the Cyber Security GRC Manager in developing IT governance, risk management, and compliance strategies across UK Power Networks information applications and users to safeguard essential business services and operations from cyber threats.

Dimensions:

• People - Work collaboratively in a team of circa 8-10 permanent and temporary GRC resources and specialist 3rd Party GRC service providers. Mentor less experienced GRC analysts, providing guidance and training.
• Industry and Regulatory – deputise for the GRC manager to represent UKPN in energy sector industry forums and regulatory working groups, working collaboratively with Ofgem and the Department for Energy Security and Net Zero.
• Communication – communicate and work with all teams and partners in UK Power Networks. Good verbal, written, and presentational skills to express risks and the potential possible effects to the business and make reasoned recommendations for management action to mitigate or reduce the risks.
• Stakeholders – regular and ongoing interaction with senior management across IT, IS and the Business; Build relationships with internal support teams, internal and external auditors, specialist 3rd party service providers and partners to manage IT risk, and to monitor mitigation plans and actions.

Principal accountabilities:

• Risk Management: Conduct cyber security risk assessments following the UK Power Networks risk assessment framework and methodology, identifying and explaining findings and treatment actions to important partners.
• Reporting: Produce management information related to the risk and control environment. Support IS teams to define main control metrics to demonstrate their effectiveness.
• Information Security Management System Support: Operate and maintain the information security management system and artefacts, in compliance with ISO 27001/27002.
• Policies and Standards: establish GRC policies, standards and procedures to monitor UKPN information security controls, exceptions, risks, and testing including management reporting on performance.
• Controls Framework: Ensure a fit for purpose and robust IT control environment and support a roadmap for IT controls improvements.
• Compliance: Design, implement, and run processes to monitor UKPN IT compliance to legal and regulatory requirements.
• Business Continuity and Disaster Recovery: Own and maintain IT resilience and business continuity plans, plan, coordinate test exercises.
• GRC Systems and Tools Support: support the technical implementation, maintenance and configuration of the suite of GRC tools, products and systems.
• Stakeholder Management: Engage and work with important partners across IT, IS and the Business.
• Supply Chain and 3rd Party: Engage, interact and ensure 3rd party supplies are meeting cyber security expectations.

Nature and scope: The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to maintain its position as best DNO. Continuous improvement, customer service and seamless delivery is at the heart of this ethos and are therefore underpinned by effective cyber security.

You will assess Cyber and IT risks and undertake risk management activities within UK Power Networks. You will support UK Power Networks cyber security maturity improvements in processes that are necessary to protect our customers from cyber threats.

Knowledge: We ask that you understand governance, risk management, and compliance principles, in addition to a knowledge of relevant laws, regulations, and industry standards. We are looking for a detailed knowledge and practical expertise in at least 3 of the following specialist areas:

• Specific Industry Standards
• IS/IT Operational Controls and Governance
• Business Continuity Planning and Disaster Recovery
• Supply Chain and 3rd Party Risk Management

Problem Solving: The role must have strong analytical and problem-solving skills to recommend pragmatic mitigating solutions for IT risks across the organisation.

Accountability: The Senior role ensures we are compliant with relevant laws, regulations, and industry standards, in a sustainable way.

Qualifications: Practical experience in a GRC role or related profession e.g. risk, audit, cyber security or similar practical experience in IT or OT role with a desire to move into cyber security.

We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status.