Share this Job
Apply now »
Employment Type:  Full/Part Time
Employment Period:  Permanent
Salary:  Competitive Salary & Benefits
Location: 

Gloucester, GB

Career Area:  Data, Tech & IT

Security Lead (Governance, Risk & Compliance)

The Opportunity


#WeAreEDF and are leading the transition to a cleaner, low emission electric future, tackling climate change and helping Britain achieve net zero.    

We are currently looking to recruit a Security Lead who will primarily work within the Enterprise Information Security Governance, Risk & Compliance Team but will provide wider support and engagement across a diverse portfolio of stakeholders across EDF (UK). The Enterprise Information Security team sit within the Enterprise Information Technology business and are responsible for Enterprise-level Information Security governance and assurance across EDF (UK).  This opportunity will be particularly interesting for those with an interest in the security of compter-based systems supporting Operational Technology (e.g. Control Systems, Building Management Systems, etc.)


Day to Day:
 

  • Develop and maintain cybersecurity policy and guidance to support and align with organisational initiatives and regulatory compliance.
  • Develop, implement and maintain compliance program, supporting privacy compliance, security policy governance, and incident response needs of the business.
  • Conduct comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) or operational technology (OT) systems to determine the overall effectiveness of the controls.
  • Establish, implement and maintain organisation-wide security policies, standards and procedures
  • Monitor the rigorous application of cyber policies, principles, and practices in the delivery and management services
  • Review, conduct, or participate in audits of cyber programs and projects
  • Advise senior management (e.g. Chief Information Officer (CIO)) on risk levels and security posture.
  • Conduct Privacy Impact Assessments (PIAs) of the application security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).
  • Evaluate cost/benefit, economic, and risk analysis in decision-making process.
  • Interpret patters of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity programme.
  • Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
  • Provide guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients.
  • Liaise with regulatory and accrediting bodies.
  • Review autorisation and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
  • Develop security compliance processes and/or audits for external services (e.g. cloud service providers, data centres).
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Support necessary compliance activities (e.g. ensure that system security configuration guidelines are followed, compliance monitoring occurs).
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organisation goals.


 

 

The Person

 

What makes a great Secuirty Lead?
 

  • Ownership: Proactive and able to take initiative with minimal direction or supervision. 
  • Problem Solving: Always looking to solve the problem in the best possible way. 
  • Stakeholder Management: Ability to communicate with stakeholders of all levels. 
  • Leadership: Mentoring and supporting colleagues. 
  • Proactive: A “can-do” approach, ability and willingness to quickly grasp and tackle new projects.
  • Commercial Awareness: Comfortable working with ambiguity and with willingness to test and experiment.
  • Knowledge: A good understanding of Laws, reguulations, policies and ethics relating to cyber security and privacy 

The Skills

 

You Will be pary of our Enterprise IT funtion, operating within a federated IT Operating Model, which consists of Enterprise IT (EIT) and Business Unit IT delivery portfolios, EIT owns, secures, maintains and supports a portfolio of Enterprise IT services and provides functional leadership and support to the Business Units. 


EIT aims to deliver the Enterprise IT services portfolio to the right quality and best value for EDF UK and its stakeholders. 
 

You will need to have: 
 

  • An excellent awareness of the technology and best practice pertinent to their domain, and interest in maintaining that awareness
  • Proven ability to communicate with both IT and business-facing collegues
  • Capable of facilitating discussions across stakeholder groups and forming recommendations based on risks and organisational context
  • Relevant degree or equivalent experience
  • Experience of evaluating and maintaining security compliance in large complex business environments
  • Significant experience of working with third-parties such as solutions vendors, outsourced and research partners
  • Experience of working with IT security operations, compliance, risk and governance practices
  • It is a requirement of this role that the post holder either holds or can obtain and maintain Security Check (SC) clearance.

 

It would be great if you had: 
 

  • An understanding of various IT developmental lifecycles and processes, and systems engineering methodologies
  • An apreciation of key utility industry concepts
  • Experience of working in regulatory environments
  • Experience in or qualified as CISSP or equivalent, AWS/Microsoft Azure, ISO27000, PCI-DSS 

Competitive Salary & Benefits

 

We offer a competitive salary and benefits package, including a pension scheme, a wide range of flexible benefits to suit your lifestyle, and the opportunity to earn a bonus.  
 

Please let us know if you require flexible working arrangements by highlighting this on your application.  We’re happy to talk flex in line with the requirements of this opportunity.
 

Why EDF?

 

At EDF, everyone’s welcome. It’s a powerful statement of our intent to make sure we’re about the people who work with us – a rich and unique mix of backgrounds and experiences that’s vital to shaping a strong and fresh-thinking organisation like ours. Whoever you are and wherever you come from, we’ll embrace the difference you bring and give you opportunities to thrive and succeed.


Join us. Together, we’ll help Britain achieve net zero.


Job Segment: Risk Management, Engineer, Cloud, Testing, Systems Engineer, Finance, Engineering, Technology

Apply now »