Corporate Biso - Glasgow, United Kingdom - SCOTTISH POWER UK PLC

Posted by: Tom O'Connor, beBee Recruiter


Description

Corporate Business Information Security Officer (BISO)

Glasgow HQ

Competitive salary + benefits (including bonus & car allowance)

Family Health cover

Open to discussing flexible working

Closing Date: 10th September

Help us create a better future, quicker


The primary role of the Corporate Business Information Security Officer (BISO) is to provide all UK Corporate Directors with assurance and reporting that cyber security risks are managed within risk tolerance and that all relevant regulations and rules are complied with.

The BISO will support the coordination and definition and drive the delivery and monitoring of a cyber security plan, governance model, and oversee and validate a risk assessment framework for all UK Corporate functions to ensure that cyber security risks are known, owned, monitored, and mitigated.

As part of this, the BISO will be an integral member of the ScottishPower Cyber Security Committee.

The BISO will help ensure that the cyber security strategy for the Corporate functions forms part of those functions' wider strategy and plans and that it aligns and supports delivery of the functions' goals and operating priorities.


What you'll be doing:


Functional Accountabilities:

Specifically, the BISO role will coordinate and oversee the delivery of the following across the UK Corporate functions:

  • Definition and oversight of the completion of a cyber security risk and assurance assessment in all UK Corporate functions using the UK Cyber Security Risk Framework
  • Definition of a cyber governance model for the Corporate functions to ensure accountabilities are defined and support the development of a cyber security strategy that aligns with the individual function strategy and with Global BISO and cyber security frameworks
  • Collaboration with UK Corporate Directors to agree the risk decisions to be taken. Definition and oversight of implementation of action plans in agreement with UK Corporate departments
  • Creation and deployment of security standards, guidelines and procedures across all UK Corporate departments as needed to ensure secure by design as well as compliance with the UK Cyber Rules and external cyber security legislation and regulations
  • Definition and coordination of a programme for assuring controls associated with key risks and compliance obligations
  • Ensure the prioritisation of investment by the Corporate functions for new technology solutions or enhancement to existing solutions and support the implementation of these solutions and alignment with the IT Security Plan, interfacing and steering this in conjunction with the IT function as required
  • The development and implementation of processes and standards to ensure that all new hardware, software, and services are secure by design. Developing and delivering an assurance service to ensure that these are being consistently applied across the lifecycle of the asset
  • Coordination with each UK Corporate department to develop and deliver a cyber security plan that is aligned with the cyber security strategies being delivered by the Global Corporate BISOs and support definition of the appropriate resources and budget required to deliver the plan
  • The development and operation of a cyber security compliance framework to provide the CEO with assurance of compliance with relevant laws, regulations, and Cyber Security Rules. The development and implementation of processes and standards to ensure that 3rd party risks are identified and appropriately managed throughout the lifecycle of all contracts
  • The definition and operation of processes, technologies, and resources to ensure the Business is able to detect and manage cyber security threats, vulnerabilities, and incidents
  • Coordination of the development and implementation of cyber security incident response plans across the various UK Corporate departments, ensuring integration with the UK CSIRT
  • The definition, operation, and regular testing of security incident response and business continuity plans to ensure preparedness for cyber security incidents
  • Support the definition and coordination of the delivery of cyber security training and awareness, in coordination with UK Cyber Security, that supports the transformation of cyber culture across the UK Corporate businesses to ensure that everyone has the required baseline and cyber skillsets to perform their role

Global Coordination:

  • The UK Corporate BISO will coordinate closely with the Global Corporate Area BISOs to ensure that plans, models, and frameworks are aligned
  • The UK Corporate BISO will coordinate with the Global Cyber Security Office (under Digital Planning and IT) to coordinate and align all activities, and to ensure consistency and standardisation with controls and standards

CISO Coordination:

  • The UK Corporate BISO will provide regular updates to the CISO on the progress of cyber security plans, assurance activities and key risk posture and o
