UK Power Networks Services

ukpowernetworksservices.co.uk

1 Job

266 Employees

About the Company

We solve your energy challenges through innovative solutions, delivering resilience, cost efficiency and sustainability to deliver a bright energy future. We enable you to take advantage of the energy transition and decentralisation.

We are at the forefront of the energy transition, enabling the decentralisation of energy to a more sustainable, affordable and secure system. Through our inspired thinking, assured solutions, integrated delivery and long-term expertise, we deliver safe, reliable and innovative bespoke energy solutions enabling you to concentrate on your core business.

Employing world-class engineers and professionals, we pride ourselves on the expertise of our people to create long-term strategic partnerships and deliver for our clients. Our experience is across industries such as aviation, rail, defence, water, logistics and fleet operation, manufacturing, ports, local and central government, and commercial buildings.

We provide energy infrastructure technology consulting, financing, major project delivery, design and build, operation and maintenance and asset management. We have expertise in distributed energy resources and integrate new technologies such as electric vehicle infrastructure, battery storage, embedded generation and microgrids.

To find out more, get in touch: enquiries@ukpowernetworks.co.uk

Listed Jobs

Company Name
UK Power Networks Services
Job Title
Senior Cyber Security (GRC) Analyst
Job Description
80422 - Senior Cyber Security (GRC) Analyst

This Senior Cyber Security (GRC) Analyst will report to the Cyber Security Governance, Risk & Compliance Manager and will work within the Information Systems directorate based in either our London or Crawley office. You will be a permanent employee.

You will attract a salary of up to £75,000.00 and a bonus of 7.5%. This role can also offer blended working after the probationary period (6 months): 3 days in the office and 2 remote.

Close Date: 25/03/2025

We Also Provide The Following Additional Benefits

25 Days Annual Leave plus bank holidays.
Reservist Leave – Additional 18 days full pay and 22 unpaid
Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
Tenancy Loan Deposit Scheme, Season Ticket Loan
Tax efficient benefits: Cycle to Work, Home & Tech, and Green Car Leasing Schemes
Occupational Health support
Switched On – scheme providing discount on hundreds of retailers’ products
Discounted gym membership
Employee Assistance Programme

Job Purpose

The Senior Governance Risk and Compliance (GRC) Analyst will support the Cyber Security GRC Manager in developing IT governance, risk management, and compliance strategies across UK Power Networks information applications and users to safeguard essential business services and operations from cyber threats.

Dimensions

People - Work collaboratively in a team of circa 8-10 permanent and temporary GRC resources and specialist 3rd Party GRC service providers. Mentor less experienced GRC analysts, providing guidance and training.
Financial - no direct budget responsibility.
Industry and Regulatory – deputise for the GRC manager to represent UKPN in energy sector industry forums and regulatory working groups, working collaboratively with Ofgem and the Department for Energy Security and Net Zero
Communication – communicate and work with all teams and partners in UK Power Networks. Good verbal, written, and presentational skills to express risks and the potential effects to the business and make reasoned recommendations for management action to mitigate or reduce the risks.
Stakeholders – regular and ongoing interaction with senior management across IT, IS and the Business; Build relationships with internal support teams, internal and external auditors, specialist 3rd party service providers and partners to manage IT risk, and to monitor mitigation plans and actions.

Principal Accountabilities

Risk Management: Conduct cyber security risk assessments following the UK Power Networks risk assessment framework and methodology, identifying and explaining findings and treatment actions to important partners. Ensure all risks relating to the control environment are captured and remediation actions defined, tracked, monitored and followed-up with owners including communication of third-party assessments and actions.
Reporting: Produce management information related to the risk and control environment. Support IS teams to define main control metrics to demonstrate their effectiveness. Prepare regulatory submissions and provide assurance for UK Power Networks policy compliance within IT which includes main performance metrics and management reporting.
Information Security Management System Support: Operate and maintain the information security management system and artefacts, in compliance with ISO 27001/27002 including the governance forum agenda and minutes.
Policies and Standards: establish GRC policies, standards and procedures to monitor UKPN information security controls, exceptions, risks, and testing including management reporting on performance.
Controls Framework: Ensure a fit for purpose and robust IT control environment and support a roadmap for IT controls improvements. This requires an understanding of technical issues and controls.
Compliance: Design, implement, and run processes to monitor UKPN IT compliance to legal and regulatory requirements such as Smart Energy Code, Cyber Essentials, National Cyber Security Centre (NCSC) Networks & Information Systems (NIS) Regulations Cyber Assessment Framework (CAF) and all IT related audits (internal and external) where the scope is wholly or significantly relevant to the company's cyber security controls.
Business Continuity and Disaster Recovery: Own and maintain IT resilience and business continuity plans, and plan and coordinate test exercises. Conduct business continuity reviews and evaluate resilience and business continuity activities.
GRC Systems and Tools Support: support the technical implementation, maintenance and configuration of the suite of GRC tools, products and systems to ensure effective operation of GRC frameworks and capabilities.
Stakeholder Management: Engage and work with important partners across IT, IS and the Business, maintaining daily working relationships with internal and external support teams, internal and external auditors, UKPN regulator Ofgem, third party managed service providers and partners to manage all IT risks across the enterprise.
Supply Chain and 3rd Party: Engage, interact and ensure 3rd party suppliers are meeting cyber security expectations. Gather evidence and assurance, risk assess and create reports and governance metrics for measuring the ongoing risk and impact that 3rd party suppliers present to UKPN.

Nature and scope

The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to maintain our position as best DNO. The team achieve this through the provision of technology solutions, and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery are at the heart of this ethos and are therefore underpinned by effective cyber security.

You will assess cyber and IT risks and undertake risk management activities within UK Power Networks. You will also support UK Power Networks cyber security maturity improvements in processes that are necessary to protect our customers from cyber threats.

You will support all other team members, the rest of Information Systems teams, IT Service Providers and partners across UK Power Networks to implement and improve IS and IT risk management and operational control capabilities that are important to safeguarding UKPN information assets, business services and operations.

Knowledge: We ask that you understand governance, risk management, and compliance principles, in addition to a knowledge of relevant laws, regulations, and industry standards. We are looking for detailed knowledge and practical expertise in at least 3 of the following specialist areas:
Specific Industry Standards
IS/IT Operational Controls and Governance
IT/IS Risk Management
Business Continuity Planning and Disaster Recovery
Supply Chain and 3rd Party Risk Management
Problem Solving: The role must have strong analytical and problem-solving skills to recommend pragmatic mitigat...
London, United Kingdom
Hybrid
11-03-2025