Cyber Security Governance Lead

Position: Cyber Security Governance Lead
Reporting to: Cyber Security Manager
Function: Information Systems
Location: Newington House, London, Crawley or Ipswich
Reference Number: 58167
Employment Period: Permanent
Contract Type: Personal Contract
CiP Level / Bonus: 5%
Starting Salary: £60,000 – Plus benefits and bonus
Closing Date: 07/05/2021



All applications will be reviewed after the closing date


We also offer:

Annual leave 25 days

Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)

Tenancy Loan Deposit scheme

Tax efficient benefits: cycle to work scheme

Season ticket loan

Occupational Health support

Switched On – scheme providing discounts on hundreds of retailers' products.

Supplier discounts, such as O2, EE, Vauxhall cars, Universal tyres

Discounted access to sports and social clubs

Employee Assistance Programme.



The Cyber Security Governance Lead will support the Cyber Security Manager in ensuring that UK Power Networks information systems and users are adequately protected from cyber threats, so as to ensure continuous and effective business operations. This role will work with the IS Managed Service Providers, internal support teams and internal and external stakeholders to implement and operate cyber security systems and processes on behalf of the Head of Cyber Security & Architecture.

Ultimately, this role will support UKPN on its journey from ‘Good’ to ‘Great’ cyber security. Through the further embedding of cyber security into business practices and technology, this role will support UKPN in becoming recognised globally as a leading Distribution Network Operator in the field of cyber security by 2019.




Providing support to the Cyber Security team in the security management of 6000+ internal users, contractors and associated infrastructure and systems


Staff – 1 assigned Cyber Security Risk and Compliance Analyst, plus third-party resources and multiple service providers





  1. Lead and deliver activities within the continuous programme of cyber security improvement relating to policy, risk, compliance and awareness enhancements

  2. Oversee, assure and improve the effectiveness of the company's Information Security Management System, maintaining compliance with ISO 27001:2013

  3. Support the development and implementation of UKPN’s Cyber Security Strategy, ensuring alignment to the company vision, values and strategic objectives

  4. Lead the development of multi-channel cyber security awareness materials and training to ensure company-wide and specialist audiences are effectively serviced and the effectiveness of such activities is measured to drive continuous improvements

  5. Produce relevant and accurate cyber security metrics in relation to governance, risk, compliance and awareness measures to demonstrate their effectiveness to practitioner, senior management and business audiences

  6. Develop and undertake risk-prioritised cyber security assurance activities on the services delivered by third-party service providers where company systems and/or information assets are utilised

  7. Oversee and support cyber security incident response, recovery and lessons-learned activities in relation to misuse, loss or compromise of sensitive company data, so as to closely support the Cyber Security Operations Lead and the wider cyber security management capability

  8. Assist the Cyber Security Operations Lead in undertaking effective root cause analysis of security incidents to ensure prompt action is taken to prevent incident reoccurrence and strengthen relevant cyber security controls

  9. Lead on the management and reporting of cyber security related risks within the Technology team’s risk management governance framework and the overarching company risk management arrangements

  10. Direct and oversee the management of IT-related audits where wholly or significantly relevant to the company's cyber security controls and supporting arrangements

  11. Mentor, develop and oversee the activities undertaken by a Junior Cyber Security Analyst as and when assigned

  12. Have the ability to deputise for the Cyber Security Manager for certain pre-agreed tasks and activities




The Information Systems department works across UK Power Networks, supporting the company in the achievement of its strategy and vision to become the best performing DNO. The team achieve this through the provision of technology solutions, as well as the optimisation of current solutions to improve how the company operates. Continuous improvement, customer service and seamless delivery are at the heart of this ethos and are therefore strongly underpinned by effective cyber security.


This role works closely with the Head of Cyber Security, an assigned Cyber Security Risk and Compliance Analyst, members of the Cyber Security team, the rest of Information Systems team, IT Service Providers and business stakeholders across UKPN to implement and optimise cyber security arrangements.


The role blends a number of skillsets including cyber security control assurance, design, implementation, operation and governance. The key measure of success for this role is upholding the IT and organisational resilience of UKPN in relation to cyber threats and incidents.





  • 5 years+ experience of management of Cyber Security
  • Holds an industry renowned information security qualification (such as CISSP, CISM or BCS ISMP)
  • Excellent verbal and written communication skills
  • Experience of managing cyber security in an IT environment with both internal and external service provision
  • Experience of orchestrating cyber security risk and control assessments
  • Highly self-motivated and action oriented individual with a strong results driven mentality
  • Excellent working knowledge of ISO/IEC 27001/27002 and ISMS operation
  • Excellent working knowledge of the Smart Energy Code
  • Excellent working knowledge of the Network and Information Systems Directive and the NCSC Cyber Assessment Framework
  • Establishes excellent relationships with senior colleagues and external stakeholders
  • Has good commercial acumen
  • A UK national suitable for completing UK Government security vetting up to SC level


Health & Safety Responsibilities

Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment.

Employees will ensure they fully understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly where work activities can have an adverse impact upon the environment, and particularly where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.

Employees need to be aware that for some craft and operational roles that work at height, or use fall arrest devices, there is an upper weight limit of 116 kg due to the maximum safe working load of the safety equipment that is used.

If in doubt ask!


We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.
