Operational Technology (OT) Cyber Assurance Auditor

SSE has big ambitions to be a leading energy company in a low carbon world. Following our commitment to invest £12.5 billion in low carbon projects over the next 5 years, we have significant growth plans and are well on our way to achieving our ambition to build a world that's more sustainable and inclusive for you, your family, the community you live in and for generations to come.

Join us on our journey to net zero and help us power change.

Base Location: Flexible, however our preference is that you will be based in one of our key UK or Ireland sites, which includes but is not limited to:- Glasgow, Perth, Reading, London, Belfast or Dublin

Salary: up to £66,100 + performance-related bonus + a range of benefits to support your finances, wellbeing and family.

Working Pattern: Permanent | Full Time | Flexible First options available

As Operational Technology (OT) Cyber Security Assessor you'll support the business and group technology function in assuring the group's OT cyber security position. This role covers all areas of our business including Thermal, Renewables, Transmission, Distribution and Energy Solutions as well Corporate functions that provide services to the OT world. The role will have some international aspects as SSE continues to expand its business across the world.

You will be responsible for delivery of risk based cyber audits from SSE's internal audit programme for both projects and operational assets. Within OT this covers our legal obligations to meet the NIS-Regulations across multiple geographies, security improvement programmes, strategic projects, and large-scale projects.

Audits can typically range from 20-40 days and involve one or more auditors. Risk based audit assignments focus on SSE's key strategic risks. You will initiate and drive change where Cyber Risks and their impact on the business require assurance.

This role is likely to suit a candidate expand their career and who has experience of both OT and cyber security and is looking to extend their knowledge within these areas.

- Understand the business and impact of OT cyber risk - Through building trusted relationships with the business, IT, OT, and Cyber Risk teams, you'll develop a close understanding of the business, the technology that supports key processes and operations and strategic change impacts on OT cyber risk profile.

- Balancing robust and pragmatic cyber assurance and advice - Using the understanding gained from relationships across the group, you'll support the scoping, delivery, and reporting of assurance via audit. You'll provide practical risk and assurance advice that recognises business risk and impact, as well as the level of current cyber security maturity.

- Prepare reports, communicate results, and agree actions - As part of delivering cyber audits, you will regularly report to management at all levels. You'll prepare draft reports for review and discussion with management, agree achievable and proportionate actions for all relevant Management Disclosures and Findings ensuring clear responsibility and due dates are set.

- Ensure actions are completed - You'll undertake follow-on activities to ensure agreed audit actions are completed in-line with the audit reports and that any changes are clearly documented.

Technology Risk & Analytics provide assurance over the group's highest priority technology, digital and cyber risks to the SSE Group Executive, Business Executives, Senior Management, Audit Committee and Board. Operational Technology (OT) is at the core of our business and our Net Zero Acceleration Programme and the team's role is to provide this assurance in OT field as well as the more traditional Information Technology (IT) areas. The importance of OT within the business has significantly raised the profile of OT cyber security creating this unique opportunity for assuring the management of OT cyber security across our businesses both in the UK but also globally.

To be considered for this role, we would love you to have:

- Demonstrable experience of current OT regulatory frameworks and best practices, such as IEC 62433, NIST 800-82, NIST CSF, Purdue Model.

- Demonstrate experience with OT security and have a good understanding of OT systems.

- Ability to carry out security risk assessment or threat modelling of system architecture.

- Experience of writing reports for a wide range of stakeholders, including senior non-technical stakeholders.

- Hold or working towards holding a cyber security certification (e.g. GICSP, CISSP, CISA, CISM, CCSP).

Candidates for this role will be required to obtain vetting to SC level through UK Government. The criteria normally includes 5 years UK residency, further information can be found here: United Kingdom Security Vetting: Applicant - GOV.UK (www.gov.uk)

SSE's Audit, Risk and Assurance teams are responsible for supporting the SSE Group in meeting their risk management responsibilities, ensuring that we meet our obligations under the UK Corporate Governance Code. We undertake assurance reviews right across the business to help identify any risks that may impact our performance, integrity, solvency or liquidity, and offer appropriate recommendations to help mitigate these.

We offer an excellent package with 34 days annual leave entitlement. Enhanced maternity/paternity leave, discounted healthcare, salary sacrifice car leasing and much more, view our full benefits package on our careers site.

As an equal opportunity employer we encourage diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all protected characteristics and commit to providing any reasonable adjustments you need during the application, assessment and upon joining SSE. Search for 'Inclusion & Diversity at SSE' to find out more.

All applications should be made online, and I'll be back in touch after the vacancy closing date to let you know the outcome.

If you would like to discuss any working flexibly requirements or adjustments you may require throughout the recruitment and selection process, please contact Louise on 01738 351671.

Before commencing your role with SSE, you'll need to complete our pre-employment screening process. This will consist of a criminality and credit check.