IT Risk and Control Manager

The IT Risk and Controls Manager, within the Service Operations and Delivery team, assists with the implementation and ongoing development of IT risk and control procedures throughout the SIAM ecosystem. With a focus on proactive risk management and operational resilience, the role collaborates closely with IT stakeholders, service delivery teams, and providers to identify, communicate, and address compliance challenges, ensuring operational risks are effectively managed within the organisations risk appetite. This role evaluates the effectiveness of IT controls, verifies adherence to established standards and requirements, and provides critical information to support the Service Leadership team in informed decision-making. In addition, this position drives the seamless integration of controls into operational processes and services, works in partnership with the Governance Risk and Compliance (GRC) team, and builds strong relationships with IT Partners, Business Units, and service providers to foster a culture of continual improvement and operational resilience.

• Ensure IT systems and operational processes comply with relevant regulations and industry standards and conduct regular and thorough IT risk assessments in collaboration with cross-functional teams to identify potential compliance gaps and areas for improvement.
• Drive operational resilience initiatives by ensuring IT systems and services are robust, recoverable, and capable of withstanding disruptions. Support the business continuity and disaster recovery (BC/DR) planning and testing processes from an IT risk and controls perspective, ensuring that appropriate measures and controls are in place, regularly reviewed, and improved to minimise the impact of incidents on business operations.
• Manage the Group Technology Services (GTS) Operational Risk Register by diligently tracking operational risks, embedding appropriate controls within business processes, and providing regular updates on risk status. Reporting on IT risk and control matters, including emerging issues and outstanding actions, directly to Risk Boards and Committees to facilitate informed decision‑making.
• Consult closely with Cyber Risk and Information Security teams to align strategies, share insights, and ensure a unified approach to managing IT risks and collaborate effectively with the 2LOD GRC Team and engage with GTS stakeholders to drive a culture of compliance and strengthen overall governance structures.
• Coordinate activities with audit teams to systematically review and evaluate IT controls and processes, addressing any identified weaknesses or instances of non‑compliance.

Experience of delivering IT risk, compliance or assurance activities including operational resilience.

• Good knowledge of IT governance frameworks such as COBIT 5, ITIL, ISO31000, 27005, 38500 and their interactions.
• Experience of designing or reviewing IT processes and their controls and performing risk assessments.
• Working knowledge of IT and operational risk, IT and enterprise architecture, IT strategy and IT outsourcing, service management, and delivery.
• Proficiency in communicating and collaborating with both internal and external stakeholders.

SSE has a bold ambition – to be a leading energy company in a net zero world. We’re investing around £10 million a day in homegrown energy to help power a cleaner, more secure future. Our investment will see us build the world’s largest offshore wind farm and transform the grid to deliver greener electricity to millions.

Our IT division powers growth across all SSE business areas by making sure we have the systems, software and security needed to take the lead in a low‑carbon world. They provide expertise, advice and day‑to‑day support in emerging technologies, data and analytics, cyber security and more.

Salary: £50,100 - £75,100 + performance‑related bonus and a range of benefits to support your finances, wellbeing and family.

Working Pattern: Permanent | Full Time | Flexible – First options available. Enjoy discounts on private healthcare and gym memberships. Wellbeing benefits like a free online GP and 24/7 counselling service. Interest‑free loans on tech and transport season tickets, or a new bike with our Cycle to Work scheme. As well as generous family entitlements such as maternity and adoption pay, and paternity leave.