ScottishPower – Cyber Risk and Assurance Analyst
Location: ScottishPower HQ, Glasgow
Salary: £44,000 – £55,000 (DOE) per annum plus excellent benefits
Working Arrangement: Flexible Hybrid Working
Closing Date: 28 December 2025
ScottishPower Energy Networks (SPEN) is driving a transformative security programme to reduce risk, meet NIS regulations and build a cyber‑resilient business. The Cyber Risk and Assurance Analyst will play a key role in maintaining robust cybersecurity governance, managing cyber risks, and delivering assurance across IT and OT environments.
Responsibilities
* Third Party Risk Management (TPRM)
o Execute the full TPRM lifecycle: onboarding, control assessment, and ongoing monitoring.
o Maintain supplier inventory, support segmentation and tiering, and continuously improve TPRM frameworks.
o Collaborate with IT, Legal and Procurement to embed risk mitigation across supplier engagements.
o Assess design and operational effectiveness of supplier controls, ensuring compliance with ISO 27001, IEC 62443 and regulatory requirements.
o Coordinate cyber assurance reviews for strategic suppliers, identify control gaps, evaluate remediation plans and track actions to closure.
o Support risk reporting and escalation processes to provide senior leadership with visibility of supplier‑related cyber risks.
* Cyber Risk
o Document and manage risks in the enterprise risk management system.
o Contribute to risk reporting and escalation to senior leadership.
* Cyber Assurance
o Maintain and update the CAF Evidence Repository and dashboard reporting of attainment status.
o Provide assurance input for change initiatives and regulatory compliance assessments.
What You’ll Bring – Technical Skills
* Minimum 3 years’ experience in TPRM, Cyber Risk or Assurance within a regulated environment.
* Familiarity with structured management systems and compliance frameworks (ISO 27001, IEC 62443).
* Understanding of IT and OT cybersecurity principles, frameworks and best practices such as NCSC CAF, ISO 27001, MITRE or NIST CSF.
* Proficiency in risk assessment methodologies and assurance planning.
* Awareness of regulatory requirements, including NIS Regulations.
* Professional certifications (CISA, SSCP, CISM) are advantageous but not mandatory.
Soft Skills / Abilities
* Strong analytical, problem‑solving and communication skills.
* Excellent communication with both technical and non‑technical stakeholders.
* Collaborative team player with strong stakeholder engagement.
* Adaptability to change and ability to manage multiple priorities in a fast‑paced environment.
Minimum Experience and Qualifications
* At least 2 years of experience in a regulated environment, preferably in energy or similar industrial sectors.
* Hands‑on experience in the TPRM process, including supplier onboarding, control evaluation and ongoing monitoring.
* Practical exposure to cyber risk assessments and control evaluations.
* Familiarity with risk management tools and assurance dashboards.
* Proven ability to manage multiple priorities and deliver within deadlines.
* Excellent written and verbal communication skills for reporting and presenting assurance outcomes.
* Demonstrated collaboration skills to promote efficient teamwork.
What’s In It For You
As well as a competitive, annually reviewed salary, you will enjoy a comprehensive benefits package, including:
* 36 days annual leave
* Holiday purchase option
* Share Incentive Plan and Sharesave Scheme
* Payroll giving and charity matched funding
* Technology vouchers
* Electric Vehicle and Cycle‑to‑Work schemes
* Options for dental, private medical, health cash plan and annual health assessments
* Life Assurance (4× salary)
* Access to SmartSave financial wellbeing support
* Shopping, leisure, restaurant and gym discounts, and unique employee deals
Why SP Energy Networks
SPEN is part of the Iberdrola Group, a world leader in wind energy, and is investing >£5.5 billion to support the rapid growth of renewable energy across Scotland, North Wales and the North West of England. It’s a role that contributes to Scotland’s Net‑Zero ambitions by 2044, offering long‑term career opportunities in a global organisation.
We are committed to inclusion, diversity and a social purpose. Whatever background you bring will be valued. We provide reasonable support or adjustments for candidates with disabilities, long‑term conditions, mental health conditions, neurodivergence or pregnancy‑related needs. Contact careers@scottishpower.com for assistance.
Mobility
Applicants who are not citizens of the country of the vacancy will need to comply with immigration requirements. The Company will support the employee with necessary immigration processes when required.
Important
This advert will close at 23:59 GMT on 29 December 2025.