Senior Cyber Security Risk Specialist

UK Power Networks (Operations) Ltd

London

On-site

GBP 63,000 - 75,000

Full time

Today

Job summary

A leading energy distribution company is seeking a Senior Cyber Security Risk Specialist in London, focusing on conducting cyber security risk assessments and mentoring junior analysts. The ideal candidate has practical experience in GRC and is familiar with industry standards. This role offers a salary of up to £75,000 plus benefits including 25 days of annual leave and a generous pension plan.

Benefits

  • 25 days of annual leave plus bank holidays
  • Generous pension plan
  • Season ticket schemes
  • Tax-efficient benefits
  • Employee assistance programme

Qualifications

  • Practical experience in GRC, audit, or cyber security.
  • Deep knowledge in industry standards and operational controls.
  • Hands-on experience in compliance frameworks and risk assessments.

Responsibilities

  • Conduct cyber security risk assessments using the UK Power Networks framework.
  • Identify, track, and remediate control environment risks.
  • Mentor less experienced analysts and represent the company at industry groups.

Skills

  • GRC
  • Cyber security
  • Risk management

Education

  • Professional certifications like CISSP, CompTIA, CISA
  • Academic background in information security

Job description

Overview

Are you ready to make a meaningful impact in the world of cyber security? UK Power Networks is seeking a dedicated Senior Cyber Security Risk Specialist to join the Information Systems directorate in either our London or Crawley office. Salary up to £75,000.00 plus a 7.5% bonus.

Step into a pivotal role where your skills and insights will help shape the security posture of a leading energy distribution company. You will report directly to the Cyber Security Governance, Risk & Compliance Manager and work closely with a group of 8-10 GRC professionals and expert partners. You will mentor less experienced analysts, provide guidance and training, and may deputise for the GRC Manager, representing UK Power Networks at industry forums and regulatory working groups. You will communicate with senior management across IT, IS, and the broader business, as well as with auditors and third-party partners, translating technical risks into actionable recommendations.

Your main accountabilities revolve around conducting cyber security risk assessments using the UK Power Networks framework, identifying, tracking, and remediating control environment risks, and ensuring third-party risks are addressed. You will produce management information and regulatory submissions, maintain compliance with major standards like ISO 27001/27002, and provide assurance for policy compliance. You will establish robust GRC policies and procedures, develop the IT controls framework, and support business continuity and disaster recovery planning. You will operate and improve our information security management system, ensure ongoing compliance with legal and regulatory requirements such as Cyber Essentials, NIS Regulations, and the Smart Energy Code, and support the technical implementation of GRC tools.

Imagine being part of a team that is integral to delivering seamless technology solutions and continuous improvement throughout the organisation. The Information Systems Department underpins our commitment to operational excellence, customer service, and cyber resilience. In this role, you will assess IT and cyber risks, drive improvements in our cyber maturity, collaborate with a variety of internal and external partners, and enable UK Power Networks to maintain its license to operate by demonstrating a strong and sustainable security posture.

Responsibilities
  • Conduct cyber security risk assessments using the UK Power Networks framework.
  • Identify, track, and remediate control environment risks; address third-party risks.
  • Produce management information and regulatory submissions; maintain ISO 27001/27002 compliance; provide policy assurance.
  • Establish GRC policies and procedures; develop the IT controls framework; support business continuity and disaster recovery planning.
  • Operate and improve the information security management system; ensure compliance with Cyber Essentials, NIS Regulations, and the Smart Energy Code.
  • Support the technical implementation of GRC tools.
  • Mentor less experienced analysts and deputise for the GRC Manager as needed; represent the company at industry forums and regulatory working groups.
  • Engage with senior management, auditors, and third-party partners to translate risks into actionable recommendations.

Qualifications
  • Practical experience in GRC, audit, or cyber security; relevant training in cyber risk assessment.
  • Deep knowledge in at least three specialist areas such as industry standards, operational controls, risk management, business continuity, or supply chain security.
  • Professional certifications such as CISSP, CompTIA, CISA, CISM, CRISC, or an academic background in information security (highly valued).
  • Hands-on experience in compliance frameworks, IT/OT risk assessments, and audit engagements.
  • Familiarity with regulated environments, especially within the energy sector, is advantageous.

Benefits
  • 25 days of annual leave plus bank holidays
  • Reservist leave; generous pension plan
  • Tenancy loan deposit and season ticket schemes
  • Tax-efficient benefits, health support, retail discounts
  • Employee assistance programme

We are committed to supporting health, safety, and wellbeing and are proud to be an equal opportunity employer who values diversity and inclusion at every level.

If you are motivated to support a critical infrastructure business, thrive in a collaborative environment, and are passionate about advancing cyber security, we invite you to apply. Take the next step towards an exciting and rewarding career—your expertise could make all the difference. Click apply to view the full job description on our careers page with a closing date of 28/09/2025.
