- To be discussed
- Contract Type
- Contract Type
- Full Time
- Currently work from home - transitioning to Chorley office
ESG is a market leading provider of innovative technology and services to the utilities and energy industry. We are creating a more competitive utilities sector, improving our customer’s lives through better service and greater choice and guiding our clients through complex industry change. Our mission is to empower global energy leaders to deliver their future promise of energy. Our automated software as a service, expert services and data insight enable competitive leaders to attract customers, provide the best service, innovate constantly and unlock new technology benefits for customers both in the UK and overseas. To date, ESG has enabled a significant number of new entrant energy suppliers to enter the industry and we manage several million customers on behalf of suppliers and metering companies.
- Implement Governance, Cyber Security and Privacy frameworks to meet legal and regulatory requirements.
- Provide leadership for the development of modern cyber security, governance, polices and standards which are relevant and achievable.
- Liaise with Company leadership to ensure alignment of Cyber Security and compliance initiatives with business objectives.
- Foster the execution of cyber security as a business enabler.
- Create and design overarching policies such as the corporate compliance policy, security compliance and risk policy, product security policy, information security policy, security audit and change policy, corporate audit and change policy and any other relevant policy.
- Insure sub polices, processes and procedures are aligned with corporate guidelines and regularly reviewed.
- Create and manage a corporate compliance register, supplier register, contract register & risk register ensuring alignment with departmental versions.
- Create and manage a corporate governance pack that will formalise risks, document control, processes, objectives etc.
- Take part in and monitor external audits and surveys including ISO and Denison.
- Perform regular information audits across the business ensuring compliance with GDPR/PECR.
- Represent ESG Global (Energy) Ltd at tech events, industry forums and government bodies.
- Analyse the changing market environment and ensure product roadmaps are aligned with governance and security requirements.
- Assist with the internal SDLC processes and monitor any issues, vulnerabilities or compliance notifications in development creating adequate quality gates to monitor products.
- Ensure Open Source Governance Standards are maintained, licences reviewed, and obligations fulfilled.
- Monitor the external threat landscape and produce reports detailing the risks to the business.
- Ensure BCDR Plans have been created and are regularly tested.
- Monitor patch releases and ensure IT and Service Ops are kept up to date of any risks.
- Ensure Pen Testing takes place to highlight any security issues with products and manage any remediation activities that need to occur.
- Perform security audits, BCDR audits, risk assessments and change reviews identifying any areas for improvement and managing the remediation activities.
- Set up and maintain an internal audit programme ensuring companywide oversight.
- Act as the companies Data Protection Officer
- Manage and mentor a team of security and compliance practitioners.
- Working to tight deadlines.
- Analytical thinking and attention to detail.
- Good communication skills, both written and verbal.
- Must be able to work independently and as part of a team communicating with all levels of staff.
Qualifications, attributes & experience
- Appropriate certifications in security (CISSP, CISA, CISM, and risk management etc.
- Demonstrable leadership and personnel skills.
- Solid experience in security leadership roles
- ISO Responsibilities
- ISO Staff Awareness
- Follow IMS Policies
- Reporting of Incidents