Enable job alerts via email!

Lead Cyber Security Engineer

Jersey Electricity Plc

Glasgow

Hybrid

GBP 61,000 - 77,000

Full time

13 days ago

Generate a tailored resume in minutes

Land an interview and earn more. Learn more

Start fresh or import an existing resume

Job summary

A leading energy company is hiring a Lead Cyber Security Engineer to enhance security within their digital applications. This hybrid role involves ensuring adherence to security standards and managing risk across various technologies. The successful candidate will possess strong expertise and qualifications in cybersecurity to drive assurance activities.

Benefits

Pension scheme with employer matching
36 days annual leave
Technology vouchers
Health and wellbeing support

Qualifications

  • Degree-educated with significant experience in IT security.
  • Holds relevant qualifications like CISSP, CISM.
  • Proven experience in security risk management and remediation.

Responsibilities

  • Develop security standards and best practices.
  • Implement significant system and process changes.
  • Conduct security audits and provide recommendations.

Skills

Security risk management
Technical controls design
Managing penetration testing
Implementing security tools
Vulnerability management
Collaborating with technical teams

Education

Degree in IT or related field
CISSP or CISM certification
ISO27001 qualification

Job description

Lead Cyber Security Engineer

ScottishPower HQ, Glasgow - hybrid working

Salary: £61-77K (plus up to 15% bonus and single healthcare cover).

Permanent, Full Time

Help us create a better future, quicker

Joining ScottishPower within our Customer Business, you'll be responsible for delivering all technical aspects of the Retail Business Cyber Assurance workstream.

You'll lead on all technical deliveries, vulnerability management, and mitigating control delivery which feeds into the Cyber Assurance Strategy. Your focus will be on our UK Operations Energy Customer applications, driving assurance activities in collaboration with senior management.

What you'll be doing

This role plays a key part in driving security improvements to deliver a secure-by-design system landscape. You will be responsible for implementing significant system and process changes across our application portfolio, involving multiple technologies and third-party vendors. We seek IT professionals with strong technical expertise and leadership skills to join our growing team.

Responsibilities include but are not limited to:

  • Developing and defining security standards and best practices
  • Reporting on key risk indicators and implementing mitigation plans
  • Working with the Cyber Security Workstream Lead to define the security architecture roadmap
  • Ensuring adherence to security architecture standards
  • Understanding the full technical stack, including security controls and their effectiveness
  • Setting up and maintaining security logging, monitoring, metrics, and reporting systems for security observability and alerting
  • Implementing automated security testing (e.g., DAST, SAST, IAST, RASP)
  • Collaborating with product and engineering teams to embed security best practices into Digital applications
  • Conducting security audits and providing recommendations for improvement
  • Providing cybersecurity advice and guidance to team members and the wider business
  • Planning and implementing backup, recovery, high availability, secrets & key management solutions
  • Working closely with technical teams to identify and remediate vulnerabilities
  • Participating in audit activities to ensure compliance with standards like ISO27001

What you'll bring

The successful candidate will likely be degree-educated, with significant experience contributing to the IT security strategy of a similarly sized organization, and hold relevant qualifications (e.g., CISSP, CISM, ISO27001). Pre-employment screening in accordance with British Standard BS7858 may be required.

You should have proven experience and knowledge in:

  • Security risk management and remediation planning
  • Designing technical controls across IT/Digital disciplines
  • Managing penetration testing and control assurance programs
  • Implementing security tools effectively
  • Security best practices, vulnerability, and risk management in a mature security environment
  • Working effectively with diverse technical teams including architecture, networking, security, cloud, UNIX, DBAs, and developers

What's in it for you

Alongside a competitive salary, benefits include pension scheme with employer matching up to 10%, 36 days annual leave, holiday purchase options, share schemes, charitable giving, technology vouchers, green initiatives, health and wellbeing support, and discounts on various services.

Why ScottishPower

Part of the Iberdrola Group, ScottishPower is committed to renewable energy and sustainability. We offer diverse career opportunities within a global organization that values inclusion and diversity. We support candidates with disabilities or special needs throughout our recruitment process.

Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.