Lead Cyber Security Engineer

Lead Cyber Security Engineer

ScottishPower HQ, Glasgow - hybrid working

Salary: £61-77K (plus up to 15% bonus and single healthcare cover).

Permanent, Full Time

Help us create a better future, quicker

Joining ScottishPower within our Customer Business, you'll be responsible for delivering all technical aspects of the Retail Business Cyber Assurance workstream.

You'll lead on all technical deliveries, vulnerability management, and mitigating control delivery which feeds into the Cyber Assurance Strategy. Your focus will be on our UK Operations Energy Customer applications, driving assurance activities in collaboration with senior management.

What you'll be doing

This role plays a key part in driving security improvements to deliver a secure-by-design system landscape. You will be responsible for implementing significant system and process changes across our application portfolio, involving multiple technologies and third-party vendors. We seek IT professionals with strong technical expertise and leadership skills to join our growing team.

Responsibilities include but are not limited to:

• Developing and defining security standards and best practices
• Reporting on key risk indicators and implementing mitigation plans
• Working with the Cyber Security Workstream Lead to define the security architecture roadmap
• Ensuring adherence to security architecture standards
• Understanding the full technical stack, including security controls and their effectiveness
• Setting up and maintaining security logging, monitoring, metrics, and reporting systems for security observability and alerting
• Implementing automated security testing (e.g., DAST, SAST, IAST, RASP)
• Collaborating with product and engineering teams to embed security best practices into Digital applications
• Conducting security audits and providing recommendations for improvement
• Providing cybersecurity advice and guidance to team members and the wider business
• Planning and implementing backup, recovery, high availability, secrets & key management solutions
• Working closely with technical teams to identify and remediate vulnerabilities
• Participating in audit activities to ensure compliance with standards like ISO27001

What you'll bring

The successful candidate will likely be degree-educated, with significant experience contributing to the IT security strategy of a similarly sized organization, and hold relevant qualifications (e.g., CISSP, CISM, ISO27001). Pre-employment screening in accordance with British Standard BS7858 may be required.

You should have proven experience and knowledge in:

• Security risk management and remediation planning
• Designing technical controls across IT/Digital disciplines
• Managing penetration testing and control assurance programs
• Implementing security tools effectively
• Security best practices, vulnerability, and risk management in a mature security environment
• Working effectively with diverse technical teams including architecture, networking, security, cloud, UNIX, DBAs, and developers

What's in it for you

Alongside a competitive salary, benefits include pension scheme with employer matching up to 10%, 36 days annual leave, holiday purchase options, share schemes, charitable giving, technology vouchers, green initiatives, health and wellbeing support, and discounts on various services.

Why ScottishPower

Part of the Iberdrola Group, ScottishPower is committed to renewable energy and sustainability. We offer diverse career opportunities within a global organization that values inclusion and diversity. We support candidates with disabilities or special needs throughout our recruitment process.