Cyber Technical Workstream Lead

Cyber Technical Workstream Lead

ScottishPower HQ, Glasgow – hybrid working

Salary: £65-82K (plus up to 20% bonus, car allowance and healthcare cover

Permanent, Full Time

Help us create a better future, quicker

Joining ScottishPower within our Customer Business as a Cyber Technical Workstream Lead, you’ll be responsible for delivering all technical aspects of the Retail Business Cyber Assurance workstream.

You’ll lead on all technical deliveries, vulnerability management and mitigating control delivery which feeds into the Cyber Assurance Strategy. You’ll focus on our UK Operations Energy Customer applications, and drive assurance activities interfacing with senior management.

What you’ll be doing

You’ll provide expert security input to the Centre of Excellence, assume accountability across the UK Operations applications to deliver and maintain an operational control framework, manage a technical testing schedule, manage all involved party relationships and act as a key technical and operational specialist for all critical first line security controls.

Responsibilities include but are not limited to –

• Develop and define security standards and best practice

• Oversee all audit activities to ensure compliance with internal standards and external regulations

• Report on key risk indicators and introduce mitigation plans where required

• Work with the Cyber Security Architects and team to define the roadmap to implement and maintain a secure architecture

• Develop and create business case(s) to secure CAPEX investment for strategic cyber related projects

• Manage the adherence to security architecture standards and best practice

• Ensure we have an effective Incident Response Plan and that it is regularly tested and kept up to date.

• Lead and mentor the team to successfully deliver projects

• Have a good understanding of the full technical stack, including security controls as well as their effectiveness

• Ensure that security incidents and vulnerabilities are responded to quickly and effectively.

• Conduct regular security checks and audits, and provide recommendations for continuous improvement.

• Act as a cyber security professional, providing advice and guidance to other team members and the wider business

• Work closely with Security Architects to ensure vulnerabilities are identified and remediated (e.g. automated scanning, pen tests, patching etc.), and cultivate a strong security culture across the organisation

• Oversee all audit activities to ensure compliance with internal standards as well as supporting external audit compliance with relevant standards e.g. ISO27001

What you’ll bring

* The successful applicant for this role may be required to undergo and obtain a positive outcome from pre-employment screening in accordance with the requirements of British Standard BS7858.

An understanding of multiple full technical stacks to enable effective impact assessment and effective dialogue with architecture, networking, security, operations, cloud, UNIX, DBAs, and application developers.

The post holder will be degree educated, with significant experience of inputting into the IT security strategy of an organisation of similar size and scale to ScottishPower, and preferably hold relevant industry qualifications (e.g., CISSP, CISM and ISO27001).

You’ll have proven experience and knowledge of -

• Security Risk Management including the development, recommendation, and delivery of remediation plans

• Assessing technical designs across multiple IT/Digital disciplines and defining appropriate controls

• Lead a penetration testing and control assurance testing programme, mitigation plans where existing controls are deemed not fit for purpose

• Specialist security tools and their successful implementation

• Security best practice and understanding of vulnerability and risk management in an environment of mature security posture

• Key legislation and regulation impacting the delivery of IT strategy.

You’ll have a strong delivery focus, and leadership style particularly focused on stakeholder management. High levels of integrity and discretion, and excellent communication skills, able to build effective relationships with key stakeholders. Strong influencing and negotiating where appropriate.