On behalf of our client in the Energy Sector we are seeking to recruit a Cyber Security Compliance Lead
Location: UK, London (Hybrid) with occasional travel to Folkestone & Calais
Overview
As the GRC Lead, you will engage with internal and external auditors, regulators (Ofgem, DESNZ, CRE, etc.), and other stakeholders to prepare and submit compliance reports to internal governance committees and regulators. You will manage the implementation of findings from risk assessments, audits, and compliance reviews. Additionally, you will oversee the full lifecycle of compliance audits and ensure adherence to existing and emerging regulations and standards, including NIS, NIS2, NIST, CSF, ISO27001, IEC62443, etc.
Main Responsibilities
- Risk Management: Manage risks and vulnerabilities, including assessments, compliance reviews, audits, and tracking using the GRC tool (OneTrust) in accordance with NIST standards.
- Compliance: Ensure the company meets all regulatory requirements related to cybersecurity, including:
- Managing and supporting NIS and NIS2 internal and external audits/inspections.
- Preparing and owning NIS/NIS2 compliance reports and submitting them to regulators.
- Responding to inquiries from auditors and regulators about ongoing operational compliance.
- Governance:
- Preparing monthly internal governance committee reports.
- Tracking progress against the company's Security Improvement Plan.
- Documenting and reporting control failures and gaps to the Security Committee.
- Security Standards: Manage security standards, policies, and practices annually to ensure they meet the company's assurance plan.
- Incident Assessment: Assess incidents, vulnerability management, patching status, penetration test results, phishing, and social engineering tests and attacks.
- Framework Adoption: Lead the adoption, continual improvement, and certification on cybersecurity frameworks like ISO 27001, NIST, and CIS Controls.
Experience Required:
- 5+ years of direct experience in cybersecurity, with an emphasis on risk and compliance.
- At least 2 years of expertise in NIS reporting requirements and handling inspections/audits.
- Thorough understanding of regulatory compliance requirements and standards, including NIS, NIS2, NIST, ISO27001, IEC62443, and GDPR.
- Experience with GRC tools, techniques, and best practices. Experience with OneTrust is an advantage.
- Proven experience in managing third-party audits, compiling evidence, and organizing audit responses.
Education:
- Bachelor’s degree in information cybersecurity or certifications in cybersecurity, risk management, governance, or a related field.
Skills and Competencies:
- Highly effective written and verbal communication skills; excellent presentation skills.
- Attention to detail and a strong focus on accuracy.
- Ability to understand the wider business context.
- Ability to work under pressure in a dynamic environment.
- Self-starter and results-oriented.
- Strong professional relationship-building skills with internal and external stakeholders.
- Strong influencing and negotiating skills.
- Fluent in English; knowledge of French is an advantage but not essential