Information Security Analyst (GRC)

Help us use technology to make a big green dent in the universe! It''s a really exciting time in energy. Help us make a real impact on shaping a better, more sustainable future. We are building a small and efficient Cyber and Information Security team at Octopus Energy Group. We are looking for ambitious, knowledgeable, and experienced InfoSec Analysts to join our team, to grow with the company, and ensure we continue to do so in a secure and safe way. You will be a key partner in defining what Security is at Octopus Energy Group. We will be shaping this team to provide a world class support service to our employees, building our way out of problems and undertaking transformational organisational change. You''ll be primarily supporting our Octopus Energy Group services, while working with various Group Subsidiaries to expand our capabilities and develop creative solutions to business challenges and opportunities to continually improve our services. Specifically, we''re looking for Information Security Analysts with at least 2 years of relevant experience to help us improve security across the Octopus Energy Group. If you''re passionate about Information Security and driving a positive security culture, we encourage you to apply!

Responsibilities

Maintaining and improving our Information Security Management System (ISMS) by taking a tech-first approach and using automation where possible

Contributing to the development of our security assurance function

Performing security risk assessments and maturity assessments for OE Group

Promoting a positive security culture and raising awareness through training and other initiatives

Supporting the implementation of security processes and requirements

Providing security advice and guidance to the wider technical team

Liaising with stakeholders in relation to security issues and providing remediation/improvement recommendations

Supporting Octopus Energy Group''s audit and compliance automation programs, enabling easy demonstration of compliance as we scale

Working with the wider Security team to set the security strategy for Octopus Energy Group and its subsidiaries

Keeping up to date with the latest security trends, and evaluating their potential impact on our systems, assisting the business to understand and manage associated risks

Taking on other security-related projects and initiatives as needed, and collaborating with other teams to drive improvements in security across the organisation

Qualifications

A passion for security, with a drive to improve through technology

Experience in, or knowledge of, automating GRC and other security processes to reduce manual work (policy as code, low/no code tools, or GRC tooling)

Strong analytical and problem-solving skills, with the ability to identify and mitigate security risks

A good understanding of information security principles and the ability to communicate this to non-experts

Experience producing or supporting the delivery of security awareness programs in different business environments

Knowledge of industry and regulatory security standards, such as ISO 27001, SOC2, and GDPR

Experience in at least some of the areas mentioned (we don’t expect expertise in all areas)

The ability to challenge and expand thinking around GRC engineering

Security certifications (any recognized abbreviations)

Security qualifications (e.g., apprenticeships or degrees)

Experience working in organisations that maintain ISO 27001 and/or SOC 1 and SOC 2 Type II certifications

A broad understanding of technology, especially AWS (or other CSPs)

A background in a technical role or relevant knowledge through education or training

Benefits and Process

Salary is discussed with recruiters on a call to reflect experience and role fit

Octopus Energy Group culture focused on autonomy, ownership, and meaningful project work

Perks and rewards aligned with what matters to employees

UK perks hub and access to employee benefits

The recruitment process usually takes up to 4 weeks, with flexibility to accommodate candidates

For any questions or to start the conversation, email hiring@octoenergy.com. If this sounds like you, we would love to hear from you. We are an equal opportunity employer and do not discriminate on the basis of protected attributes. We are committed to providing equal opportunities, an inclusive work environment, and fairness for ..... full job details .....