Company: Northern Powergrid
Location: London
Closing Date: 08/11/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Do you want to help power your career and be part of an evolving energy industry?
An exciting opportunity has arisen for an experienced Governance Manager to join the Information Systems team.
The energy industry is advancing with investment in smart technology innovation and Northern Powergrid, as the company responsible for powering everyday life for 8 million customers across 3.9 million homes and businesses in the Northeast, Yorkshire and northern Lincolnshire, is at the forefront of delivering a power network that meets the region’s needs, now and in the future.
The Information Systems Governance Manager owns the Management of Risk while developing and delivering IT Security and Governance processes, policies and procedures, ensuring effective controls are in place, monitored and managed to minimise and mitigate our organisational risk.
Along with a competitive salary between £60,000-£70,000:
• Enrolment into our pension scheme
• 25 days holiday
• Annual Bonus
We’re excited to hear from candidates with a passion for our company and the industry and a desire to succeed. and we’ll be in touch.
Key Responsibilities:
• The role provides subject matter expertise as required on compliance with relevant internal and IS Security policies and IS Security governance controls such as ISO27001, ISO27019, NIS-R and Smart Energy Code.
• Accountable for both technical and non-technical risk assessments in accordance with NPGIS Security policies and relevant standards, monitoring and reporting on compliance with security policies, recommending and coordinating the implementation of technical controls to support and enforce defined security policies.
• Leads in ensuring that all internal and external audit actions assigned to IS are effectively addressed within the agreed timescale.
• Leads in ensuring that IS Business Continuity planning is in place; works with Emergency Planning and Business Services to ensure that IS risk has been properly considered in company-wide crisis management, continuity and recovery plans.
• Leads in ensuring on-going and regular IS policy, process, procedure and standard reviews using information gathering methods, tools and techniques to collect and analyse data, agreeing and applying recommended cost effective and beneficial actions and remediation or compensating controls.
• Manages IS Security vendors, suppliers and contractors and the Managed Security Service as directed by the Head of Cyber Security.
• Assists with IS Security regulatory and project assurance, including the management of all agreed internal and external audits, identifying and assessing risks, and putting in place effective frameworks for making informed IS Security decisions.
• Ensures appropriate reporting is established and developed for Cyber Security, understanding the needs, objectives and constraints of other functions, promoting IS Security policy and governance awareness to the business community.
• Reports and presents at appropriate levels to internal and external forums as agreed by the Head of Cyber Security.
• Continually improves processes and ways of working within IS and the business in relation to IS Security Risk; leading and managing on-going initiatives to improve business and IT compliance with legislative and regulatory instruments.
• Supports the IS leadership team and deputises for the Head of Cyber Security as required.
Key Competencies:
• Communication skills both written and verbal
• Specialist subject knowledge
• Team leadership
• Planning and organising
• Customer focused
Qualifications and Attributes
Essential:
• HNC level qualified or equivalent.
• Information security risk management or similar (e.g. ISO27005)
• ISO27001 lead auditor or implementer.
• Experience working with ISO27001, ISO27002 and GDPR
• Knowledge and understanding of security controls and the ability to evaluate their effectiveness and make recommendations to treat risk
• Understanding of assurance frameworks
• Experience with delivering Information Security certification and maintaining compliance as well as associated periodic reporting regimes
• Experience with Information Security and Information Technology
• Producing and renewing IS security policies
Desirable:
• Accredited degree in an applicable field of study
• Relevant IT/IS security qualifications such as CISP
• Certified Information Systems Auditor
• Knowledge of the Smart Energy Code
• Ability to communicate effectively with a wide range of stakeholders
• Knowledge of the ISO27019 standard
• Knowledge of the NIS regulation and NCSC Cyber Assessment Framework (CAF)
• High-level understanding of Operational Technology systems, including their role, purpose and key risks
• Experience developing or implementing the ServiceNow Governance, Risk and Compliance management module
Visit northernpowergrid.com/careers to find out more about this and other career opportunities.
Posted: 3/10/2024
Closing date for applications: 17/10/2024
This role will be based in the North East or Yorkshire, dependent on the applicant.
This role would be subject to a Security Clearance that requires applicants to have been a resident in the UK for 5 years or more.
Applicants are considered on the basis of their suitability for the post irrespective of sex, marital status, sexual orientation, gender re-assignment, race, age or disability, in accordance with the Equality Act 2010.