Head of Information Security & Data Protection

Social network you want to login/join with:

col-narrow-left

Retail Energy Code Company

Other

-

Yes

col-narrow-right

2

05.05.2025

19.06.2025

col-wide

Head of Information Security & Data Protection

Hours: Full-time

Location: Remote, with occasional travel to London for events and team activities.

About Us

The Retail Energy Code Company (RECCo) is responsible for managing and evolving the Retail Energy Code (REC), which governs the interactions of parties involved in the Great Britain retail energy market. Our mission is to ensure the efficient and effective operation of the market, promoting innovation, competition, and delivering positive outcomes for consumers. We manage a range of critical services, all aimed at driving operational efficiencies and delivering value to the industry and consumers alike.

RECCo supports a broad set of stakeholders, including energy suppliers, network operators, and metering service providers, facilitating the effective delivery of their obligations under the REC. This makes RECCo a vital player in shaping the future of the energy market.

The Role

As data becomes increasingly important in the running of the energy industry, we need a leader of Information Security and Data Protection who can lead these aspects for the consumer consent and help shape our data strategy and services with an information security and data protection lens. By understanding the risks, how to manage and mitigate them you will support a transformation of the energy sector for the benefit of the consumer.

You will have responsibility for ensuring that RECCo and its service providers implement best practice policies, procedures and approaches that address cyber security, data privacy and protection. Including compliance with all relevant laws and regulations.

About RECCo’s Consumer Consent

Consumer Consent is fundamental in enabling consumers to positively share data and get access to new or existing energy services which ultimately will save them money and carbon. Consumer Consent is the be designed to provide a secure, simple and effective user experience, with user-centricity at the heart of every interaction.

As part of the industrial transformation, this Consumer Consent mechanism will not only streamline data sharing but also ensure that consumers trust is improved in energy. Consumer Consent is critical to the future of energy.

What you’ll do

• Accountable for Information Security & Data Protection topics including GDPR and Information Security across all RECCo functions.
• Interface with energy regulator and industry bodies for information security and data protection matters, demonstrating RECCo as a leader in these fields.
• Responsible for Consumer Consent Data Protection and Information Security Matters.
• Responsible for developing and support the data and digital strategies with ownership of information security and data protection aspects, to securely enable broader use of industry data sets for the benefit of the consumer.
• Accountable for developing and manage frameworks, processes, tools and consultancy which supports a risk-based approach within RECCo and our partners for service delivery.
• Monitor compliance with GDPR and other data protection laws.
• Identify acceptable levels of residual risk and manage action plans, policy and changes for risk mitigation.
• Proactive identification of information security and data protection risks and their management and mitigation.
• Complete DPIAs and support RECCo colleagues and partners in a consultive manner on Information Security, GDPR, Data Protection and Cyber aspects.
• Responsible for conducting investigations into information security incidents. Including historic and trending analysis where appropriate.
• Be the point of contact with ICO (Information Commissioner’s Office) and other relevant bodies for RECCo.

About You

• Degree in Computer Science or equivalent with completion of security modules.
• Extensive experience working in senior information security roles, ideally with complex or regulated environments
• Knowledge, understanding and practical experience working with:
• GDPR, Data Protection laws and rules
• ISO27001
• Excellent problem-solving skills with the ability to analyse complex problems, manage risk, and simplify appropriately for the audience.
• Excellent listening and communication skills (both oral and written)
• Strong interpersonal skills and the ability to build relationships quickly with partner organisations.
• Experience in managing change and managing partners

Ideally you’d also have

• Masters or higher in information security or equivalent

Our commitment

At RECCo we are committed to cultivating an environment that promotes equality, diversity and inclusion. We want you to bring your authentic self to work every day and feel comfortable being you, no matter your age, gender identity, ethnicity, religion, disability status or otherwise.