Cyber Supply Chain Risk Lead

Cyber Supply Chain Risk Lead

Location: ScottishPower HQ, Glasgow

Salary: £54-68K (plus up to 15% bonus & single healthcare)

Flexible & Hybrid Working

* The role requires that the successful candidate can obtain UK Government Security Clearance *

Help us create a better future, quicker

ScottishPower Renewables is a leader in the development of renewable energy, both onshore and offshore in the UK & Ireland. We are part of the first integrated utility to generate 100% green energy.

We focus on wind, solar and smart grid technologies in order to help transition our national energy supply towards a cleaner, electric future.

The Cyber Supply Chain Risk Lead is responsible for identifying, assessing, and mitigating risks associated with the supply chain’s cybersecurity. This role involves developing and implementing strategies to protect the organisation from cyber threats that may arise from third-party vendors, suppliers, and partners. The role will work closely with internal and external stakeholders to ensure the integrity, confidentiality, and availability of supply chain operations, thereby safeguarding the organisation’s assets and reputation.

What you’ll be doing

The role will integrate into an active and ambitious global cyber security function, contributing to ScottishPower Renewables cyber security purpose of delivering cyber resilient OT and IT, to enable a safe and reliable electricity supply to customers.

You’ll own the cyber supply chain risk management for onshore and offshore, ensuring industry best practices is followed, and you’ll work to transparently reduce risk, achieve compliance with NIS regulations and deliver a cyber resilient business, within the cyber transformation program. The programme of work has kicked off and is planned to deliver through to 2027.  

You’ll provide subject matter expertise on legal clauses in relation to cyber controls, as well as preparing and presenting reports to SPR cyber management groups and committees.

Other aspects of the role include:

• Identifying, assessing, assuring, and mitigating risks.

• Coordinating and collaborating with other security functions, such as SP Cyber, threat intelligence, vulnerability management, security architecture, and security governance, to ensure a holistic and integrated approach to ensuring the impact from supply chain is mitigated.

• Liaising and cooperating with external parties, such as law enforcement, regulators, vendors, and industry peers, to share information, seek assistance, and comply with legal and contractual obligations.

• Conducting and facilitating post-incident reviews for cyber breaches that occur within SPR supply chain.

• Monitoring and evaluating the performance and effectiveness of the process across SPR.

What we’re looking for

• Skills and experience in cyber security supply chain risk management.

• Awareness of key legislation and regulation impacting IT/OT General Control requirements in an energy utility.

• Experience in planning, managing and Supply chain risk management.

• Record of academic achievement, including some form of recognised qualification from further education, such as a degree or diploma.

• Useful qualifications (nice to have)

  • ISO27001

  • CISM

  • CRISC

  • SANS qualifications

What’s in it for you

As well as a competitive salary which is reviewed annually, you can also enjoy a number of other benefits. With our pension scheme, we’ll double match your contribution up to a company contribution of 10%.

At ScottishPower, we believe it’s the little things we do in life that make a big difference. From helping you look after your family’s wellbeing, save for your future and take personal steps for climate action – our benefits are designed to help you do just that -  so that you have everything you need to take care of your world – today and tomorrow. That’s why our benefits include:

• 36 days annual leave

• Holiday purchase – perfect your work/life balance with extra annual leave

• Share Incentive Plan and Sharesave Scheme

• Payroll giving and charity matched funding

• Technology Vouchers – save more and spread the cost of your technology purposes

• Count us in – pledge to reduce carbon emissions and help fight climate change

• Electric Vehicle Schemes – to help you transition to green/clean driving

• Cycle to Work scheme and public transport season ticket loans

• Options to purchase dental insurance, private medical insurance, health cash plan and annual health assessments

• Life Assurance (4x salary)

• Access to ‘nudge’ financial wellbeing support

• Plus shopping, leisure, restaurant and gym discounts, and unique employee deals on travel insurance and more

Why ScottishPower

ScottishPower is part of the Iberdrola Group, one of the world’s largest integrated utility companies and a world leader in wind energy. With a commitment to generate all of our energy from renewable resources and a drive to create the energy infrastructure of the future, we’re at the forefront of the journey to Net Zero and investing over £6m every working day to make this happen. With diverse opportunities across our businesses and a commitment to invest in our own internal talent, ScottishPower can offer people real career opportunities that meet personal and professional goals, in a global organisation

Inclusion, diversity, and a social purpose are at the heart of everything we do. Together with our values, they bring us together into a stronger, more sustainable business with direct links to the communities we serve. It takes all kinds of people to build a large-scale business like ours, so whatever your background, you’ll fit right in.

ScottishPower is committed to providing reasonable support or adjustments in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions, or who are neurodivergent or require pregnancy-related support.

Mobility

Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country. If/when required, the Company will support the employee with the necessary Immigration requirements.

IMPORTANT 

Advert will close at 23:59 GMT the day before Job Posting End Date below