Cyber Security Governance Lead

Job Description

Cyber Security Governance Lead Reference Number – 77946This Cyber Security Governance Lead will report to the Cyber Security Manager and will work within the Information Systems directorate based in our Crawley office. You will be a permanent employee.You will attract a salary of 80,000.00 and a bonus of 7.5%. This role can also offer blended working after probationary period (6 months) – 3 days in the office and 2 remoteClose Date: 24/11/2023.We also provide the following additional benefits

• Annual Leave
• Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
• Tenancy Loan Deposit scheme
• Tax efficient benefits: cycle to work scheme
• Season ticket loan
• Occupational Health support
• Switched On – scheme providing discount on hundreds of retailers products.
• Discounted access to sports and social clubs
• Employee Assistance Programme.

JOB PURPOSE:The Cyber Security Governance Lead will support the Cyber Security Manager in ensuring that UK Power Networks information systems and users are adequately protected from cyber threats and to ensure continuous and effective business operations. You will workwith the managed service providers, internal support teams and all partners to implement and operate cyber security processes on behalf of the Cyber Security Manager.DIMENSIONS:Provide support to the Cyber Security team in the security management of 6500+ internal users, contractors and associated infrastructure and systemsStaff – 2 assigned Cyber Security Risk and Compliance Analysts, plus third party resources and multiple service providersPRINCIPAL ACCOUNTABILITIES:

• Lead and deliver activities within the continuous programme of cyber security improvement relating to policy, risk, compliance and awareness enhancements

• Oversee, assure and improved the effectiveness of the companies Information Security Management system maintaining compliance with ISO 27001:2013

• You will help develop and implement the Cyber Security Strategy ensuring alignment to the company vision, values and strategic goals

• You will lead the development of multi–channel cyber security awareness materials and training to ensure company–wide and specialist audiences are serviced and the effectiveness of such activities is measured to lead continuous improvements

• Produce accurate cyber security metrics concerning governance, risk, compliance and awareness measures to demonstrate their effectiveness to practitioner, senior management and business audiences

• Develop and undertake risk prioritised cyber security assurance activities on the services delivered by third Party Service Providers where company systems and information assets are utilised

• Support cyber security incident response, recovery and lesson learned activities in relation misuse, loss or compromise of sensitive company data so to support the Cyber Security Operations Lead and the wider cyber security management capability

• Assist the Cyber Security Operations Lead in undertaking root cause analysis of security incidents to ensure prompt action is taken to prevent incident reoccurrence and strengthen relevant cyber security controls

• You will lead on the management and reporting of cyber security related risks within the Technology teams risk management governance framework and the overarching company risk management arrangements

• Direct the management of IT related audits where wholly or significantly relevant to the companies cyber security controls and supporting arrangements

• Develop and oversee the activities undertaken by a Junior Cyber Security Analyst as and when assigned

• Have ability to deputise for the Cyber Security Manager for certain pre–agreed tasks and activities

NATURE AND SCOPE:The Information Systems department works across UK Power Networks, supporting us in the achievement of our vision to become the best performing DNO. The team achieve this through the provision of technology solutions, and the optimisation of current solutionsto improve how we operate. Continuous improvement, customer service and seamless delivery is at the heart of this ethos and are therefore strongly underpinned by effective cyber security.You will work with the Cyber Security Manager, assigned Cyber Security Risk and Compliance Analysts, members of the Cyber Security team, the rest of Information Systems team, IT Service Providers and partners across UKPN to implement and improve cyber securityarrangements.You will blend several skillsets including cyber security control assurance, design, implementation, operation and governance. The main measure of success for this role is upholding the IT and organisational resilience of UKPN concerning cyber threats andincidents.Qualifications:

• 5 years+ experience of management of Cyber Security
• Hold an industry renowned information security qualification such as CISSP, CISM or BCS ISMP)
• Experience managing cyber security in IT environment with both internal and external service provision
• Experience orchestrating cyber security risk and control assessments
• Excellent working knowledge of ISO/IEC 27001/27002 and ISMS operation
• Excellent working knowledge of the Smart Energy Code
• Excellent working knowledge of the Network and Information Systems Directive and the NCSC Cyber Assessment Framework
• Establishes excellent relationships with senior colleagues and external partners
• Have good commercial acumen
• A UK national suitable for completing UK Government security vetting up to SC level

Health & Safety ResponsibilitiesManagers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations.This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment. Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable