Permanent

Senior Cyber Security Risk Specialist

London
£75,000 per annum
Posted 3 days ago

This Senior Cyber Security Risk Specialist will report to the Cyber Security Governance, Risk and Compliance Manager and will work within the Information Systems directorate, based in either our London or Crawley office. You will be a permanent employee. You will attract a salary of up to £75,000.00 and a bonus of 7.5%. This role can also offer blended working after the probationary period (6 months): 3 days in the office and 2 remote.

Close Date: 28/09/2025

Benefits

  • 25 Days Annual Leave plus bank holidays
  • Reservist Leave – Additional 18 days full pay and 22 unpaid
  • Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
  • Tenancy Loan Deposit Scheme, Season Ticket Loan
  • Tax efficient benefits: Cycle to Work, Home and Tech, and Green Car Leasing Schemes
  • Occupational Health support
  • Switched On – scheme providing discount on hundreds of retailers’ products
  • Discounted gym membership
  • Employee Assistance Programme

Job Purpose

The Senior Cyber Security Risk Specialist will support the Cyber Security GRC Manager in developing IT governance, risk management, and compliance strategies across UK Power Networks information applications and users to safeguard essential business services and operations from cyber threats.

Dimensions

  • People – Work collaboratively in a team of circa 8-10 permanent and temporary GRC resources and specialist 3rd Party GRC service providers. Mentor less experienced GRC analysts, providing guidance and training.
  • Financial – No direct budget responsibility.
  • Industry and Regulatory – Deputise for the GRC manager to represent UKPN in energy sector industry forums and regulatory working groups, working collaboratively with Ofgem and the Department for Energy Security and Net Zero.
  • Communication – Communicate with all teams and partners in UK Power Networks. Good verbal, written, and presentational skills to express risks and the potential effects to the business and make reasoned recommendations for management action to mitigate or reduce the risks.
  • Stakeholders – Regular interaction with senior management across IT, IS and the Business; build relationships with internal support teams, auditors, 3rd party service providers and partners to manage IT risk and monitor mitigation plans.

Principal Accountabilities

  • Risk Management: Conduct cyber security risk assessments following the UK Power Networks risk assessment framework and methodology, identifying findings and remediation actions, tracking owners, and communicating third-party assessments.
  • Reporting: Produce management information related to risk and control environment; support IS teams to define control metrics; prepare regulatory submissions and provide assurance for policy compliance within IT.
  • Information Security Management System Support: Operate and maintain the information security management system and artefacts, in compliance with ISO 27001/27002 including governance forum agenda and minutes.
  • Policies and Standards: Establish GRC policies, standards and procedures to monitor information security controls, exceptions, risks, and testing including reporting on performance.
  • Controls Framework: Ensure a robust IT control environment and support a roadmap for IT controls improvements.
  • Compliance: Design, implement, and run processes to monitor IT compliance to legal and regulatory requirements (e.g., SEC, NCSC CAF, NIS, GDPR, ISO 27001/27002, etc.) and IT audits.
  • Business Continuity and Disaster Recovery: Own and maintain IT resilience and business continuity plans, coordinate tests, and evaluate resilience activities.
  • GRC Systems and Tools Support: Support implementation, maintenance and configuration of GRC tools and systems.
  • Stakeholder Management: Engage with partners across IT, IS and the Business; maintain relationships with internal/external teams, regulators, and third-party providers to manage IT risks.
  • Supply Chain and 3rd Party: Engage and assess 3rd party suppliers for cyber security expectations; gather evidence and governance metrics.

Knowledge, Skills and Experience

  • Understanding of governance, risk management, and compliance principles; knowledge of laws, regulations, and industry standards; demonstrated expertise in at least three areas such as: industry standards, IT/IS risk management, business continuity planning, supply chain risk management, problem solving and governance.
  • Experience with ISMS; experience in internal/external audits and risk assessments; knowledge of risk processes, frameworks, and procedures.
  • GRC-related training or certification (e.g., CISSP, CISA, CISM, CRISC) or related qualifications; knowledge of Cyber Essentials, SEC, NCSC CAF, NIS, GDPR, ISO/IEC 27001/27002, ITIL, CoBIT, etc.
  • Proficiency in IT/OT risk assessment and controls; experience with IT/OT continuity and disaster recovery; knowledge of 3rd party risk and regulatory environments, preferably in energy/CNI context.
  • You will collaborate with technical, non-technical and executive audiences.

Health and Safety and Equal Opportunity

Health and Safety responsibilities and equal employment opportunity statements are applicable to all employees. We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. If you have any queries about this vacancy, please contact careers@ukpowernetworks.co.uk quoting the vacancy reference ..... full job details .....
