Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

6 jobs found

Hays Technology
Information Security Specialist
Hays Technology Bristol, Gloucestershire
Information Security Specialist
Permanent - Good salary + strong benefits
Location: Hybrid - Bristol / Edinburgh - 2/3 days a week on site

Your new company:
A leading UK Law and Professional Services company is currently looking for an Information Security Specialist to come in and support the existing Information Security Manager to improve and maintain their governance, risk and compliance (GRC) capability and help us continually improve our ISO 27001/CE+ Information Security Management System (ISMS). The role is full-time, with a hybrid working pattern usually around 2/3 days a week in the office in Bristol or Edinburgh.

The role responsibilities:
• Supporting and evolving our Information Security Management System (ISO 27001, Cyber Essentials Plus)
• Identifying and reducing security risks across people, processes and technology
• Investigating and responding to security incidents using a range of security tools
• Applying a root cause analysis approach to help prevent future incidents
• Providing assurance to clients and supporting security questionnaires
• Promoting a strong, firm wide security culture
• Communicating complex security topics clearly to a range of stakeholders
• Keeping up to date with the latest information security threats and vulnerabilities

You will need:
• Strong understanding of information security principles within a professional services environment
• Good technical awareness and proven experience in a similar role
• Confident stakeholder management skills
• Experience with security frameworks (e.g. ISO 27001)
• Relevant industry-recognised certifications in security, risk management or IT (desirable)
• Strong awareness of the evolving cyber threat landscape, with a genuine interest in all aspects of security
• Ability to translate technical risks into clear, practical advice
• A curious mindset with a passion for continuous improvement

What you'll get in return:
This role is available for hybrid working with a typical requirement to work 2 or 3 days per week in the Bristol or Edinburgh office. Good salary with strong benefits such as company bonus, PMI, private GP in office, as well as more.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Jun 12, 2026
Full time
Alexander Mann Solutions - Contingency
Information Assurance Specialist
Alexander Mann Solutions - Contingency City, Derby
AMS is a global workforce solutions partner committed to creating inclusive, dynamic, and future-ready workplaces. We help organisations adapt, grow, and thrive in an ever-evolving world by building, shaping, and optimising diverse talent strategies. Our Contingent Workforce Solution (CWS) is one way we support our clients. Acting as an extension of their recruitment teams, we connect them with skilled interim and temporary professionals, fostering workplaces where everyone can contribute and succeed.

On behalf of our globally respected client who develop cutting-edge technologies that deliver clean, safe and competitive solutions to meet the planet's vital power needs we are looking for an Information Assurance Specialist for a 12 month contract based in Derby. Please note this role is a hybrid position in which you would be required to work onsite 3 days per week and work from home 2 days per week.

Purpose of the role:
In this role you will be providing Information Assurance through the application of policy, standards and best practice to support the IT product teams. You will also be required to work with other IA specialists to ensure a common approach to cyber security issues is developed and documented.

What you'll do:
Reporting into the Lead Information Assurance Specialist, your primary responsibilities will be to:
• Support the development and continual improvement of Information Security policies, standards and procedures in line with ISO/IEC 27000, promoting a secure by design culture informed by business impact assessments, risk appetite and regulatory requirements.
• Serve as the Cyber Security representative on major programmes and product teams, providing authoritative guidance and approvals to ensure secure design, build and operation across IT, OT and AI enabled systems.
• Represent Cyber Security across strategic initiatives including research collaborations, joint ventures and supply chain engagements, ensuring security requirements and secure by design principles are embedded from concept through delivery.
• Assess organisational and technical compliance with security policies and standards, conduct configuration and architecture reviews, and evaluate adherence to legal, regulatory and industry obligations. Prioritise remediation using business impact assessments.
• Provide expert advice on the selection, implementation and assurance of security controls, ensuring alignment with NIS2, aerospace standards, export controls and emerging AI regulatory expectations.
• Advise stakeholders on risk reduction strategies, promote secure behaviours and support security awareness initiatives to strengthen secure by design engineering and decision making.
• Identify, assess and manage cyber security risks and concessions, ensuring decisions are guided by business impact assessments and integrated into enterprise risk and operational safety processes.
• Contribute to broader cyber security initiatives and capability uplifts, including OT security maturity, AI assurance, supply chain resilience and secure development lifecycle improvements.
• Apply and oversee security controls required by policy, risk assessment and regulatory drivers, ensuring the confidentiality, integrity and availability of business systems, including ICS, connected manufacturing platforms and AI supported operational systems.

The skills you'll need:
• Strong overall understanding of information systems, their applications and lifecycle practices, with solid grounding in information security principles and governance.
• Proven ability to interpret and apply IT security compliance requirements while maintaining a pragmatic, risk based approach to standards implementation.
• Effective communicator with the ability to influence stakeholders and build consensus in formal and cross functional environments.
• Broad knowledge of cyber and information security, supported by relevant professional qualifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor).
• Experience or strong awareness of enterprise cloud technologies, architectures and capabilities (e.g., Azure, AWS, GCP).
• Understanding of Operational Technology (OT) environments and the unique security considerations associated with industrial control systems.
• Experience with Governance, Risk and Compliance (GRC) tooling (e.g., Zen, Archer, ServiceNow GRC, OneTrust, MetricStream), including managing risk registers, control frameworks and compliance workflows at scale.

Next steps:
We will only accept workers operating via an Umbrella or PAYE engagement model. If you are interested in applying for this position and meet the criteria outlined above, please click the link to apply and we will contact you with an update in due course.

AMS, a Recruitment Process Outsourcing Company, may in the delivery of some of its services be deemed to operate as an Employment Agency or an Employment Business.
Jun 12, 2026
Contractor
Experis
Security Consultant
Experis Bristol, Gloucestershire
Job Title: Security Consultant
Location: Hybrid (Bristol / Wiltshire office, circa 2 days pw)
Salary: 45,000 - 75,000 + Benefits

Are you an experienced Security Consultant looking for your next challenge? We are seeking passionate cyber security professionals with strong expertise in governance, risk and compliance (GRC), who can deliver complex projects and build trusted client relationships.

As a Security Consultant, you will work on a variety of Defence and Public Sector assignments, requiring current SC clearance. Projects will range from risk assessments and ISO 27001 implementations to developing full ISMS frameworks and supporting clients through accreditation. You'll provide expert guidance across standards such as NIST, CAF, and Secure by Design.

The Security Consultant role is highly client-facing, requiring excellent communication skills and the ability to collaborate with technical teams. You'll stay ahead of industry developments, contribute to tender responses, and help shape innovative solutions.

We are looking for a Security Consultant with experience in security assurance, accreditation, secure by design, and risk management, alongside recognised qualifications such as CISSP, CISM, or ISO 27001 Lead Implementer. Ideally you will also be familiar with GRC practices in similar environments.

In return, you'll enjoy a competitive salary, remote working, training budget, private healthcare, bonus scheme, and a culture that values collaboration, growth, and well-being. Take the next step in your career as a GRC Specialist / Security Consultant - apply today.

People Source Consulting Ltd is acting as an Employment Agency in relation to this vacancy. People Source specialise in technology recruitment across niche markets including Information Technology, Digital TV, Digital Marketing, Project and Programme Management, SAP, Digital and Consumer Electronics, Air Traffic Management, Management Consultancy, Business Intelligence, Manufacturing, Telecoms, Public Sector, Healthcare, Finance and Oil & Gas.
Oct 03, 2025
Full time
ARC IT Recruitment
Senior GRC Specialist
ARC IT Recruitment City, London
A Senior IT GRC Specialist is required by a prestigious financial services organisation in the heart of the City. In this collaborative role, you will support the development and enhancement of IT Governance, Risk, and Compliance frameworks, working closely with senior stakeholders, internal IT teams, and third-party partners to manage IT risk and ensure regulatory compliance across the business.

Key Responsibilities:

Governance:
• Contributing to the implementation and continuous development of IT GRC frameworks.
• Assisting in the review and maintenance of IT GRC documentation.
• Assist in the implementation and communication of IT risk and control management frameworks.
• Conduct governance reviews in line with agreed schedules and document outcomes.
• Maintain documentation for IT risk and control management processes.
• Support the preparation and delivery of formal IT GRC reporting.

Risk:
• Identifying, assessing, and documenting IT risks.
• Supporting IT risk management activities, including the execution of technical IT risk assessments.
• Supporting risk owners to define remediation plans and monitor progress on remediation activities.
• Manage day-to-day operational and technical IT risks.
• Support IT risk owners in identifying and assessing technical IT risks and assist in documenting and tracking remediation plans.
• Contribute to formal risk reporting processes within Group IT and to second-line functions.
• Assist in the coordination and execution of annual operational risk assessments.

Compliance:
• Evaluating compliance with IT control requirements as defined in internal policies and standards.
• Supporting periodic reviews and assessments related to IT GRC.
• Support IT control compliance activities, including annual reviews and maturity assessments of IT controls.
• Assist IT control owners with control self-assessments and attestations to support second-line permanent control checks.
• Coordinate IT control attestations across Group IT and with third-party service providers.

Key Skills and Experience:
• Significant experience in Information Security Governance, Risk, and Compliance (GRC), with a focus on IT risk and control management.
• Strong analytical skills with the ability to perform technical IT security and operational risk assessments.
• High attention to detail, ensuring accuracy in documentation, assessments, and compliance activities.
• Strong understanding of information security risk management principles, frameworks (e.g., ISO 27001, NIST), and compliance practices.
• Exposure to and understanding of IT infrastructure, business applications, and their associated risks and controls.
• Experience collaborating with internal and external audit teams, including supporting audit readiness and evidence gathering.
• Proven ability to work effectively across multi-disciplinary, multi-cultural, and geographically dispersed teams.
• Excellent written and verbal communication skills, with the ability to convey complex information clearly to both technical and non-technical audiences.
• Strong interpersonal and presentation skills, with confidence engaging stakeholders at all levels.
• Industry-recognised technical certifications such as ITIL, CISSP, CRISC, or similar are desirable but not essential.
• Familiarity with regulatory requirements such as DORA is desirable.

This is a fantastic opportunity to join a highly respected financial services organisation with a collaborative culture and strong commitment to professional growth. You'll gain exposure to a wide range of GRC activities and enjoy the opportunity to develop your career within a supportive and dynamic environment.
Oct 03, 2025
Full time
Proactive Appointments
Information Security Assurance & Cyber Specialist
Proactive Appointments
Information Security Assurance & Cyber Specialist - Hybrid

Our client is urgently looking for an experienced Information Security Assurance & Cyber Specialist to join their team based in London on a permanent basis. Please note, the role is hybrid, with 2-4 days per week on-site.

You will assist the Cyber & Information Security Specialist in ensuring our firm adheres to governance and assurance obligations, such as ISO 27001:22. You will also collaborate closely with the Information Security Technology Manager to safeguard the company using the latest and most advanced security tools. This multifaceted role combines security governance and assurance with hands-on technical skills, utilising state-of-the-art security products to proactively protect the firm and its valuable assets.

Your organisational skills and responsiveness will be crucial, as you will need to maintain a keen eye for detail and adapt to a flexible work schedule with shifting priorities. A positive, can-do attitude is essential as you tackle various tasks with enthusiasm and diligence.

You will be rewarded with an excellent salary, as well as a brilliant benefits package including discretionary bonus, annual leave, pension scheme, private medical cover, life assurance, season ticket loan, cycle to work scheme, discounted gym membership and many, many more perks!

Information Security Assurance & Cyber Specialist - Key Skills:
• Highly experienced in information security governance, risk management, and compliance.
• Demonstrated experience with developing and implementing information security policies, procedures, and standards.
• Experience with SOC 2, ISO 27001, NIST 800-53 and GDPR compliance frameworks is highly preferred.
• Strong understanding of security risk management principles and methodologies.
• Excellent communication, collaboration, and interpersonal skills.
• Ability to work independently and as part of a team.
• Proficient in Microsoft Office Suite and security information management tools.
• Experience with security awareness and training programs.
• Experience with GRC (Governance, Risk, and Compliance) tools.
• Certified Information Systems Security Professional (CISSP) or equivalent certification.

Information Security Assurance & Cyber Specialist - Hybrid

Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted.

Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation.

We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website.
Oct 02, 2025
Full time
UK Power Networks (Operations) Ltd
Senior Cyber Security Risk Specialist
Are you ready to make a meaningful impact in the world of cyber security? At UK Power Networks, we're seeking a dedicated Senior Cyber Security Risk Specialist to join our Information Systems directorate in either our London or Crawley office, with a competitive salary of up to 75,000.00 plus a 7.5% bonus. Step into a pivotal role where your skills and insights will help shape the security posture of a leading energy distribution company. You'll report directly to the Cyber Security Governance, Risk & Compliance Manager and play a vital part in safeguarding essential business operations from evolving cyber threats. The role is dynamic and collaborative, involving close teamwork with a group of 8-10 GRC professionals and expert partners. You'll mentor less experienced analysts, offer guidance and training, and occasionally deputise for the GRC Manager, representing UK Power Networks at industry forums and regulatory working groups. Communication is at the heart of this position; you'll interact regularly with senior management across IT, IS, and the broader business, as well as with auditors and third-party partners, translating technical risks into actionable recommendations. Your main accountabilities will revolve around conducting cyber security risk assessments using the UK Power Networks framework, identifying, tracking, and remediating control environment risks, and ensuring third-party risks are also addressed. You'll produce management information and regulatory submissions, maintain compliance with major standards like ISO 27001/27002, and provide assurance for policy compliance. Establishing robust GRC policies and procedures, developing the IT controls framework, and supporting business continuity and disaster recovery planning will all fall under your remit. 
You'll operate and improve our information security management system, ensure ongoing compliance with legal and regulatory requirements such as Cyber Essentials, NIS Regulations, and the Smart Energy Code, and support technical implementation of GRC tools. Imagine being part of a team that is integral to delivering seamless technology solutions and continuous improvement throughout the organisation. The Information Systems Department underpins our commitment to operational excellence, customer service, and cyber resilience. In this role, you'll assess IT and cyber risks, drive improvements in our cyber maturity, collaborate with a variety of internal and external partners, and enable UK Power Networks to maintain its license to operate by demonstrating a strong and sustainable security posture. We're looking for someone with practical experience in GRC, audit, or cyber security, and with relevant training in cyber risk assessment. You should have a deep knowledge of at least three specialist areas such as industry standards, operational controls, risk management, business continuity, or supply chain security. Professional certifications like CISSP, CompTIA, CISA, CISM, CRISC, or an academic background in information security will be highly valued, along with hands-on experience in compliance frameworks, IT/OT risk assessments, and audit engagements. Familiarity with regulated environments, especially within the energy sector, will be advantageous. Beyond a competitive salary and bonus, we offer 25 days of annual leave plus bank holidays, reservist leave, a generous pension plan, tenancy loan deposit and season ticket schemes, tax-efficient benefits, health support, retail discounts, and an employee assistance programme. We are committed to supporting your health, safety, and wellbeing, and are proud to be an equal opportunity employer who values diversity and inclusion at every level. 
If you are motivated to support a critical infrastructure business, thrive in a collaborative environment, and are passionate about advancing cyber security, we invite you to apply and become a key player in the future of UK Power Networks. Take the next step towards an exciting and rewarding career: your expertise could make all the difference. Click apply to view the full job description on our careers page with a closing date of 28/09/2025.
Sep 23, 2025
Full time
