Risk Governance Lead Location: Glasgow Salary: £48-60K (plus up to 10% bonus) Hybrid working, Permanent Help us create a better future, quicker Scottish Power Energy Networks (SPEN) is embarking on a Cyber Security Transformation Programme. We’re looking for a Cyber Risk Lead to help implement, and manage the Cyber Risk Methodology across SPEN, as well as ensure the Cyber Security Policies, Frameworks, Rules, and Methodologies are adequately designed and socialised with the Business. What you’ll be doing The Cyber Risk Lead will play a pivotal role in managing and mitigating cyber risks within SPEN. This position involves maintaining the risk register, performing detailed risk assessments, and overseeing the development and implementation of risk treatment plans. The role is integral to supporting the Head of Governance, Risk, and Assurance in all aspects of OT risk management and governance, contributing to the broader Cyber Risk function. The Cyber Risk Lead will be instrumental in driving SPEN’s ambitious security transformation programme, which aims to transparently reduce risk, achieve compliance with NIS regulations, and deliver a cyber resilient business. In addition to these core responsibilities, the Cyber Risk Lead will develop and implement robust cyber governance frameworks to ensure alignment with regulatory requirements and industry best practices. This role requires a proactive approach to identifying and addressing cyber risks, fostering a culture of security awareness, and ensuring that SPEN's cyber risk strategies are effectively communicated and understood across the organisation. The successful candidate will collaborate with various stakeholders, including control owners, risk owners, and external regulators, to ensure that SPEN's cyber security posture is continuously improved and maintained at a high standard. What you’ll bring Knowledge and experience of Cyber Security as evidenced by relevant industry qualifications (e.g. GICSP, CISSP, CISM) Experience in developing and leading Cyber Security Risk Management and Governance in an organisation of similar scope and scale to ScottishPower, with previous Security Management experience in a global organisation preferred. Knowledge of risk assessing cyber security risks Experience writing Cyber Policies Awareness of key legislation and regulation impacting the delivery of IT and OT Cyber Security in an energy utility. Ability to maintain and update the risk register, ensuring all risks are accurately documented and tracked. Expertise in conducting comprehensive risk assessments to identify potential threats and vulnerabilities. Skills in developing and managing risk treatment plans to mitigate identified risks in line with SPEN's risk tolerance. Proficiency in preparing and presenting risk reports to senior management and relevant stakeholders. Experience in leading and participating in cyber risk forums to discuss and address emerging risks. Capability to support activities related to NIS compliance, including regular assessments and reporting. Competence in developing and implementing cyber governance frameworks to ensure alignment with regulatory requirements and best practices. Why SP Energy Networks SP Energy Networks is part of the Iberdrola Group, one of the world’s largest integrated utility companies and a world leader in wind energy. We keep electricity flowing to homes and businesses through Central and Southern Scotland, North Wales and in the North West of England. We operate over 4000km of cables and lines that make-up the transmission network – connecting infrastructure like wind farms into the electricity system. It’s a role that puts us right at the heart of Scotland’s ambition to be Net Zero by 2044. And we’re taking it very seriously. We’re investing >£5.5 billion into our transmission network, directly supporting the rapid growth needed in renewable energy. With diverse opportunities across our businesses and a commitment to invest in our own internal talent, ScottishPower can offer people real career opportunities that meet personal and professional goals, in a global organisation. Inclusion, diversity, and a social purpose are at the heart of everything we do. Together with our values, they bring us together into a stronger, more sustainable business with direct links to the communities we serve. It takes all kinds of people to build a large-scale business like ours, so whatever your background, you’ll fit right in. We are committed to providing reasonable support or adjustments in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions, or who are neurodivergent or require pregnancy-related support. If you need support, please reach out to careers@scottishpower.com. Mobility Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country. If/when required, the Company will support the employee with the necessary Immigration requirements. I MPORTANT Advert will close at 23:59 GMT the day before Job Posting End Date below May-17-2025