Overview
Develop and maintain the enterprise cyber security architecture for the Group, including development of enterprise architecture standards and patterns that address the requirements of both IT and OT, aligning with industry standards, regulatory requirements and best practice in support of high-risk and critical programmes and projects.
Lead the IT security risk position and lead consulting and assurance engagement into Group IT products and services. This includes overseeing the IT security risk position and mitigation planning, and managing and challenging security assurance for critical IT security projects and programmes.
Lead SSE's Secure by Design approach and provide technical expertise and support for the development and implementation of cyber security policies and architecture standards and patterns.
Define and manage a security tooling roadmap to ensure the implementation of effective security controls and technologies, and regularly update cyber security technical strategies, including emerging innovation and technological advancements.
Establish and enhance a cyber resilience capability and exercising capability, working with all of the Business Units and the Group-wide resilience function, including working with the National Energy System Operator on cyber resilience.
Responsibilities
* Develop and maintain the enterprise cyber security architecture for the Group across IT and OT, aligning with standards, regulatory requirements and best practice.
* Lead the IT security risk position and oversee mitigation planning and security assurance for critical IT projects and programmes.
* Champion SSE's Secure by Design approach and support development and implementation of cyber security policies, architecture standards and patterns.
* Define and manage a security tooling roadmap to implement effective security controls and technologies and refresh cyber security strategies as needed.
* Establish cyber resilience capabilities and coordinate with Business Units, the Group resilience function, and external partners such as the National Energy System Operator.
Qualifications / What you need
* Enterprise security architecture expertise with ability to advise on strategic direction for cyber security in IT and OT implementations, guiding programmes and projects with pragmatic best practice advice.
* Deep experience in defining and driving Secure by Design and Secure by Default to align security architectures with business goals, including creating security standards and procedures.
* Strong understanding of network security, OT and IT security, application security, identity management, cloud security, and endpoint security; knowledge of firewalls, IDS, encryption, and related technologies; familiarity with standards such as NIST, ISO 27001, and IEC 62443.
* Effective communication skills to explain complex security concepts to non-technical stakeholders and to collaborate with IT and engineering professionals; experience engaging with C-level executives.
* Detail-oriented, highly organized, able to manage multiple priorities, work independently, and make informed decisions under pressure.