Cyber Security Supply Chain Analyst

Here in Technology our mission is simple - deliver and maintain secure and stable IT services, maximising value to our business. Dig a little deeper and you will find a living, breathing department, of highly talented individuals and teams, buzzing with energy, ideas, and enthusiasm. Our teams are always interested in learning new, innovative, and exciting ways for us to aid our business colleagues, and ultimately our customers experience. Collectively, we provide a critical national infrastructure to millions of customers in our region, so the only question is why wouldn’t you want to be part of that? If you want to do more because you care, we’d love to talk to you. There really is something for everyone here. Everything you need to know: We provide a critical national infrastructure to millions of customers in our region. This makes us a high‑profile target for cyber‑attacks on our IT systems, which if successful, could have disastrous consequences for our customers, colleagues, and the communities we serve. Our Information Security team does a wonderful job protecting the business, its people, and customers from these daily threats, and we have an opportunity for you to join us as a Cyber Security Supply Chain Analyst.

• Liaising with our supply chain to identify, analyse, and report on their cyber posture
• Review policy and standard artefacts submitted for review by suppliers
• Be able to clearly articulate the importance of contract clauses with suppliers and confidently negotiate the best position for Severn Trent
• Using clear communication skills to report on various KPIs compliance obligations to appropriate Severn Trent governance groups
• Identifying and managing Information Security risk, aligning with control frameworks such as NIST and CIS
• Scoping and managing security testing to OWASP Top 10
• Review, test, and monitor control effectiveness
• Build strong relationships within the business and have engaging conversations with our supply chain on Information Security initiatives & threats
• Promote Secure by Design and promote visibility of testing services available
• Collaborating and embedding yourself both across wider technology department and the core business to drive continuous improvement

You'll join the team with experience in Information Security and be passionate about the field, keeping up to date with emerging threats and technologies.

To be successful, you’ll need experience of managing control frameworks and working within a regulated environment, with knowledge of regulatory standards such as GDPR, NISR, PCI DSS. You should also have experience in managing Supply Chain Information Security risk and security testing, along with an in-depth knowledge of control frameworks and how they can be effectively applied to manage risk. You’ll need to have excellent communication skills and be able to influence decision‑making with internal and external stakeholders. You’ll be able to clearly articulate identified risks and negotiate an improved position which will enhance the security of Severn Trent. We welcome people from all walks of life and celebrate individuality as we know diverse minds, experiences and backgrounds help us to learn and better serve our communities. We want people who show up and get involved. Those who are ready to be part of something bigger and who want to make a difference because they care.

• Annual bonus scheme (up to £2,250 based on company performance and subject to eligibility)
• Leading pension scheme – we will double your contribution (up to 15% when you contribute 7.5%)
• Sharesave – the chance to buy Severn Trent Plc shares at a discounted rate
• Dedicated training and development with our Academy
• Electric vehicle scheme and retail offers
• Family friendly policies
• Two paid volunteering days per year