Governance, Risk & Compliance Analyst

Equal Approach Ltd.

£50300

Equal Approach Ltd., Blythswood New Town, Glasgow City

  • Full time
  • Permanent
  • Onsite working

Posted 2 weeks ago, 2 May

Closing date: not specified

Job ref: cbe4389fe79e4abe89ab08c05cb29221

Full Job Description

Risk Management within Transmission IT is an extremely exciting area, responsible for the identification, management, and remediation of conventional IT risks within IT enterprise environments, along with risks pertaining to the Transmission Operational Technology (OT) and Network.

To grow the Risk Management function, we are looking for 2 x Governance, Risk and Compliance Analysts to join the team.

These roles will report into the IT Risk Manager and will each have a different focus as detailed below:

Risk & Threat Analyst - key focus on assessing the threats that pose a risk to our business operations and linking these to our identified risks, risk factors, and control deficiencies.

Risk & Controls Analyst - key focus on implementing a controls framework across our estate with subsequent assessment and testing.

Key responsibilities for these roles will include:

- Create, communicate, and implement processes for risk management, including the assessment and treatment of identified risks in IT and OT environments.

- Assist in the creation of detailed reports to provide in-depth analysis of assessment findings, identified risk and risk factors, control deficiencies, threat updates and recommended remediation actions.

- Provide 1st line risk management support, interfacing with both Transmission 2nd line and Group-led functions.

- Work closely and collaboratively with key stakeholders across Transmission IT.

- Prior experience in security risk / controls assessments; ideally, you will also have experience with operating risk registers and GRC tooling / software in IT or OT environments.

- Knowledge of common security management frameworks, such as ISO / IEC 27001/2 Standard, ITIL, NIST Cybersecurity Framework, COBIT, etc. Exposure to NCSC CAF and MITRE ATT&CK framework would also be beneficial.

- Collaboration skills, with the ability to work across disciplines and with colleagues, ensuring that collective accountability and individual responsibility for task ownership are clear and objectives are delivered.

- Strong reporting and presentational skills.

- Relevant University Degree or Certification (e.g., CompTIA Security+ / CySA+, CRISC, CISA, CISM, CISSP) would be advantageous.

SSE has big ambitions to be a leading energy company in a low carbon world. Following our commitment to invest £20.5 billion in low carbon projects to 2027, we have significant growth plans and are well on our way to achieving our ambition to build a world that's more sustainable and inclusive for you, your family, the community you live in and for generations to come.

SSE IT underpins the technology needs of all the different businesses that make up the SSE group. From emerging technologies to data and analytics to cyber security, we power SSE's growth and enable it to generate value, while keeping it secure. As a trusted business partner that helps SSE lead in a low carbon world, we are proud of our service. Working for SSE IT is all about equipping SSE for now and the future.

We offer an excellent package with 34 days annual leave entitlement, enhanced maternity/paternity leave, discounted healthcare, salary sacrifice car leasing and much more. View our full benefits package on our careers site.