Operational Technology OT Cyber Assurance Auditor

Operational Technology (OT) Cyber Assurance Auditor

• 549683

• Closing at: Jul 18 2024 at 23:55 BST

SSE has big ambitions to be a leading energy company in a low carbon world. Following our commitment to invest £20.5 billion in low carbon projects to 2027, we have significant growth plans and are well on our way to achieving our ambition to build a world that's more sustainable and inclusive for you, your family, the community you live in and for generations to come.

Join us on our journey to net zero and help us power change.

About the Role

Base Location: Flexible, however our preference is that you will be based in one of our key Scotland sites, which includes but is not limited to:- Glasgow, Perth, Aberdeen and Inverness.

Salary: up to £71,600 + performance-related bonus + a range of benefits to support your finances, wellbeing and family.

Working Pattern: Permanent | Full Time | Flexible First options available

As OT Cyber Assurance Auditor, you will focus on OT cyber security within the Transmission business, including broader IT elements supporting a net zero network. You will deliver risk-based cyber audits for Transmission's projects and operational assets, ensuring compliance with NIS-Regulations across security improvement programmes, strategic projects, and large-scale projects. You will interface with various business areas, including Group functions and other regulated areas, providing assurance to the Group level, Transmission Executive Committee, and Security Working Group on OT cyber security risk management. Audits typically range from 20-40 days, with ongoing support for key Transmission change programs. Your role will be instrumental in driving change where cyber risks impact the business.

This position is ideal if you have experience in OT, preferably within the electricity networks environment, and cyber security, and are looking to expand your knowledge in these areas. As OT Cyber Assurance Auditor, you will:

- Understand the Business and Impact of OT Cyber Risk – You'll build trusted relationships with the business, IT, OT, and Cyber Risk teams to gain a deep understanding of key processes, operations, and the strategic changes impacting the OT cyber risk profile.

- Balance Robust and Pragmatic Cyber Assurance and Advice – You'll use insights from your relationships across the group to support the scoping, delivery, and reporting of assurance via audit. You'll provide practical risk and assurance advice that considers business risk, impact, and current cyber security maturity.

- Prepare Reports, Communicate Results, and Agree Actions – You'll regularly report to management at all levels, prepare draft reports for review, discuss findings with management, and agree on actionable and proportionate responses with clear responsibilities and due dates.

- Ensure Actions Are Completed – You'll conduct follow-up activities to ensure agreed audit actions are completed as per the audit reports, documenting any changes clearly.

- Engage with Relevant Transmission Programmes – You'll collaborate with key Transmission cyber security programs to provide real-time assurance of these initiatives.

What do I need?

To be considered for this role, we would love you to have:

- Demonstrable experience with OT security frameworks and best practices – IEC 62433, NIST 800-82, NIST CSF, IEC 61580.

- A good understanding of OT systems within the electricity network sector.

- Ability to carry out security risk assessment or threat modelling of system architecture.

- Experience of writing reports for a wide range of stakeholders, including senior non-technical stakeholders.

- Hold or working towards holding a cyber security certification (e.g. GICSP, CISSP, CISA, CISM, CCSP).

Candidates for this role will be required to obtain vetting to SC level through UK Government. The criteria normally includes 5 years UK residency, further information can be found here: United Kingdom Security Vetting: Applicant - GOV.UK (www.gov.uk)

About our Business

SSE's Group Risk & Audit teams are responsible for supporting the SSE Group in meeting their risk management responsibilities, ensuring that we meet our obligations under the UK Corporate Governance Code. We undertake assurance reviews right across the business to help identify any risks that may impact our performance, integrity, solvency or liquidity, and offer appropriate recommendations to help mitigate these.

What's in it for you?

We offer an excellent package with 34 days annual leave entitlement. Enhanced maternity/paternity leave, discounted healthcare, salary sacrifice car leasing and much more, view our full benefits package on our careers site.

As an equal opportunity employer we encourage diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all protected characteristics and commit to providing any reasonable adjustments you need during the application, assessment and upon joining SSE. Search for 'Inclusion & Diversity at SSE' to find out more.

What happens now?

All applications should be made online, and I'll be back in touch after the vacancy closing date to let you know the outcome.

If you would like to discuss any working flexibly requirements or adjustments you may require throughout the recruitment and selection process, please contact Louise on  / .

Before commencing your role with SSE, you'll need to complete our pre-employment screening process. This will consist of a criminality and credit check.

#LI-LM3

#LI-Hybrid