Information Security Officer (Risk Managment)

We’re champions of the North West and we’re proud that it’s our electricity network that connects communities and helps keep the electricity flowing every minute of every day, from when you wake up to when you fall asleep and all the hours in between.

A key part of the UK’s journey to net zero carbon is the revolution of our electricity industry to enable clean, green economic growth. As the North West’s electricity network operator, it’s our responsibility to lead the way, help the region decarbonise, and pave the way for the growth of renewable energy and a sustainable energy future for all.

We’re proud that in December 2024 we were named Utility of the Year by Utility Week magazine, who said we punched above our weight and used innovation to solve some of the industry’s most difficult challenges. Come and be part of our team and make a difference.

Together we have the energy to transform our communities. We are switched on. We are adaptable. We take pride.

Our Information Security team has a fantastic opportunity for an Information Security Officer – Risk Management to join them in Preston.

As an Information Security Officer, you will become a trusted cyber security risk advisor, ensuring the business is compliant against security policies, acting as an advisor, collaborating with stakeholders and management to assess risks, review and advise ratings for IT/OT/Physical Cyber risks, and supporting business coordinators in assessing their risk positions.

• Proven IT experience with experience in an information security officer role or similar risk/security audit role;

• Certification in Information Security Management (CRISK, CISM, COMPTIA Security+). This is not a replacement for experience;
• OneTrust Platform experience preferred;
• NIS, NIST, ISO27001 audit experience preferred;

• The ability to communicate and build strong relationships with business functions across ENWL, work effectively with external partners, and manage stakeholder risk engagement sessions;
• A background in an information security role with real-world experience of cyber security risk management;
• Experience reviewing risks to ensure they are clear, understandable, and developing metrics for tracking at-risk board;
• Experience using a centralized application risk management platform and business applications;
• Experience assessing vulnerability management platform data and interpreting attack scenarios;
• Experience interpreting policies, procedures, standards, and guidelines;
• The ability to articulate security risk simply and effectively with business managers and stakeholders;
• An awareness of information security law and regulations such as GDPR and NIS Regulations;
• Previous experience working within a regulated organization, preferably in Utilities or Energy sectors;
• An awareness of cyber security frameworks and standards such as NCSC CAF, NIST, ISO 2700x series, CIS;
• An understanding of different security testing strategies, with the ability to support.

As a vital team member, we offer a competitive salary, an annual bonus scheme, 25 days of annual leave increasing with service, private healthcare, discounts through our rewards portal, a contributory pension scheme, employee assistance program, and opportunities for professional development through our L&D functions.

We are committed to creating a diverse and inclusive environment where everyone can thrive and reach their full potential.

For application support or adjustments, contact our Recruitment team at careers@enwl.co.uk or 0845 366 0092 (option 2).

All offers are conditional upon pre-employment checks, including references, DBS, financial and BS7858 checks, and a drug & alcohol test.

We reserve the right to close this vacancy early.

We do not accept speculative CVs from agencies. Any received will be claimed, and no fee will be payable.