Cyber Supplier Assurance Operational Team Lead - Glasgow, United Kingdom - SSE

SSE
Glasgow, United Kingdom

2 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter


Description
SSE has big ambitions to be a leading energy company in a low carbon world.

Following our commitment to invest £12.5 billion in low carbon projects over the next 5 years, we have significant growth plans and are well on our way to achieving our ambition to build a world that's more sustainable and inclusive for you, your family, the community you live in and for generations to come.

Join us on our journey to net zero and help us power change.


About the Role:

Cyber Supplier Assurance Operational Team Lead:


Base Location:
Reading, Havant, Glasgow or Perth


Salary:
£44,100 - £66,100 + Performance-Related Bonus and a range of benefits to support your finances, wellbeing and family.


Working Pattern:
Permanent | Full Time. Flexible First options available


Reporting to the Cyber Supplier Assurance Manager, the Operational Lead will sustainably develop and implement a supplier assurance programme of controls to enhance SSE's supplier assurance capability, whilst creating a culture of commitment by raising awareness of SSE's supply chain threat and, in doing so, reducing SSE's Group supply chain risk.

This will be performed by continuously demonstrating accountability and compliance in line with legislation and the Network & Information Systems (NIS) regulation.


The Operational Lead will implement and maintain supplier assurance controls to prioritise key suppliers, identify risks in line with agreed methodologies with all accountable business unit managers and senior management committee reporting in line with SSE's group risk appetite.

The Operational Lead will also have some oversight of Cyber Supplier Assurance Analysts delivering in the same team, is responsible for the delivery of value outcomes linked to the product roadmap and can lead some change programmes with cost, business impact and risk in mind.

- Management Oversight, Interoperability and Automation


Develop and maintain procedures to ensure clear responsibilities which are operationally embedded for supplier assurance and business unit supply chain risk reduction.

Develop a plan of work endorsed by the Cyber Supplier Assurance Manager to continuously drive business unit supply chain improvements.

Maintain tracking programmes to monitor business unit supplier risks and preparation of monthly reporting which reflects their supply chain risk.

Manage and track incoming service catalogue and team mailbox requests for assignment and management, to ensure delivery of timebound commitments to our customers.

- Controls and Processes


Facilitate periodic reviews of Cyber Supplier Assurance methodologies, work instructions and process documents to ensure they remain relevant and updates are published on documentation libraries where required.

Maintain operational methodologies and assessment mechanisms to ensure due diligence remains appropriate and fit for purpose.

Maintain a risk register of business unit supplier risks to identify themes for reporting.

- Supply Chain Cultural Awareness

Implement and maintain a communications plan which delivers cyber supplier assurance advice and guidance to key stakeholders using various types of media, such as slide packs or guest presentations.

- Operational Assessments and Cyber Assessment


Perform operational assessments using templated assurance questionnaires to ensure legislative, regulatory, continuity and SSE cyber security standards are adhered to by critical suppliers.

Record operational cyber assurance ratings and where required, a list of mitigating recommendations for stakeholder management and cyber risk assessment, action or risk management.

Perform cyber security assessments using existing toolsets to ensure supplier internet facing systems and services consumed by SSE are securely maintained.

- Supplier Manager Reporting


Perform regular supplier manager presentations to agree key suppliers for contractual, operational, continuity and cyber assessment; to ensure we prioritise assurance for our most critical suppliers.

Follow up on open recommendations for risk assessment, reporting or action, including their challenges and emerging key suppliers.


What do I need?
To be considered for this role, we would love you to have:

  • Understanding of cyber security frameworks, controls and principles. One or more professional Cyber Security Professional Certifications are strongly preferred (e.g. CompTIA Security+, ISC2, ISACA, CISA certifications, or equivalent).
  • Understanding of the supply chain and associated risks and experience in auditing, assurance controls or similar capabilities.
  • Application of risks and issues concept and ability to develop counter measures and contingency plans associated with significant delivery risk.
  • Articulate with outstanding written, interpersonal and analytical skills and able to articulate the why at all levels of the organisation.
  • The ability to build relationships and to engage with professionals and colleagues, working alone or as par
