We’re looking for a Cyber Security Manager to be the cornerstone of IT security for npower Business Solutions (nBS), the Industrial & Commercial arm of E.ON UK. Based in Nottingham or Solihull, this permanent role (with FTC options considered) sits at the heart of our transformation—establishing and operating a robust Information Security Management System (ISMS), embedding best practices across our evolving BusDevSecOps culture, and providing expert guidance on everything from secure architecture and fraud prevention to emerging governance frameworks. Operating within the E.ON Group’s overarching cyber security framework, you’ll navigate a complex multi‑supplier ecosystem and lead the security agenda as we transition from a traditional service model to a modern product and DevSecOps environment. This role blends deep governance expertise with hands‑on technical acumen, advising stakeholders at all levels, including the C‑suite.
Responsibilities
* Own cyber security, IT risk and controls for nBS—ensuring effective governance, risk management, and audit readiness are embedded and operating smoothly.
* Lead threat and risk assessments to ISO 27005, produce consolidated risk reports, define KRIs, and manage remediation plans through their lifecycle.
* Develop, implement and mature the ISMS aligned to ISO 27001, Smart Energy Code (SEC) and emerging standards including ISO 42001 (AI Management) and the Cyber Assessment Framework (CAF) / CRA.
* Promote heightened cyber risk awareness across nBS—running drop‑in sessions, roadshows, and targeted C‑suite engagements.
* Act as a trusted adviser on strategies, controls and architectural patterns to mitigate external threats, providing pragmatic guidance to product teams and leadership.
* Drive compliance and certification across key regulations and standards—Smart Energy Code (SEC), Retail Energy Code (REC), PCI DSS, GDPR, Cyber Essentials and the Cyber Assurance Framework, including planning and supporting internal control testing and acting as primary liaison with auditors.
* Be the security cornerstone in our product and DevSecOps transition—guiding secure architecture, secure coding practices, threat modelling and integrating controls throughout the SDLC.
* Manage third‑party security posture across our multi‑supplier ecosystem—covering onboarding, contractual controls, auditing and ongoing reviews for SaaS, integration and infrastructure.
* Own legislation and compliance engagement for PCI DSS, DPA/GDPR, SEC, REC, CRA/CAF and related UK initiatives such as the Cyber Resilience Bill and the UK Cyber Security Bill.
* Scope and coordinate penetration tests—managing delivery with relevant teams and ensuring findings are triaged, tracked and resolved in line with nBS’s risk appetite.
* Champion a culture of security—delivering coaching and presentations from engineering squads to the C‑suite, ensuring security is a value‑add, not a block.
Qualifications
* Proven track record of taking companies through audits and certifications—planning, readiness, engagement and successful outcome delivery (e.g., SEC/REC, Cyber Essentials, SOC 2 Type II, PCI DSS, ISO 27001, ISO 27002).
* Strong understanding of the UK energy sector’s regulatory landscape, particularly Smart Energy Code (SEC) and Retail Energy Code (REC), with at least 5 years’ experience in the sector.
* Credibility and presence at senior level, with the confidence to engage and influence the C‑suite.
* Experience operating in a complex, multi‑supplier environment—onboarding, auditing and ongoing review of third‑party security posture.
* Hands‑on ISMS expertise—establishing, operating and maturing an ISMS aligned to ISO 27001.
* Strong technical acumen—secure architecture design, practical security guidance within DevSecOps or Agile settings and integrating controls through the SDLC.
* Significant experience in IT risk management—conducting assessments (e.g., ISO 27005), managing risks end‑to‑end and defining meaningful KRIs.
* Demonstrated subject‑matter expertise in at least two of: ISO 27001, ISO 42001, Data Protection Act/GDPR, SOC 2 Type II.
* Experience ensuring compliance with security policies, controls and procedures; comfortable with frameworks such as the Cyber Assurance Framework (CAF) and Cyber Essentials.
* Familiarity with evolving UK initiatives and audits—Smart Energy Code, UK Cyber Security Bill, FUSA audits (or equivalent) and the Cyber Resilience Bill.
* Certifications: CISSP (must‑have); CISM; ISO 27001 Lead Auditor or Lead Implementation; experience building DevSecOps ways of working (tooling, pipelines, IaC guardrails, policy‑as‑code); understanding of legal frameworks relevant to data protection, cyber resilience and operational compliance in energy markets.
#J-18808-Ljbffr