Head of Technology, Risk Management and Governance - Perth, United Kingdom - SSE

SSE
Perth, United Kingdom

2 weeks ago

Posted by: Tom O'Connor, beBee Recruiter


Description
SSE has big ambitions to be a leading energy company in a low carbon world.

Following our commitment to invest £18 billion in low carbon projects to 2027, we have significant growth plans and are well on our way to achieving our ambition to build a world that's more sustainable and inclusive for you, your family, the community you live in and for generations to come.

Join us on our journey to net zero and help us power change.


About the Role

Base Location:
Flexible, however our preference is that you will be based in one of our key UK or Ireland sites, which includes but is not limited to:

  • Edinburgh, Glasgow, Perth, and Reading.

Salary:

Highly competitive and based on experience + car / car allowance + performance-related bonus + a range of benefits to support your finances, wellbeing and family.


Working Pattern:
Permanent | Full Time with Flexible First options available


The Head of Technology Risk Management and Governance will lead the Group Technology Risk Management and Governance function within IT.

They will be accountable for continually improving the provision of GRC services and assure against significant loss of service, financial loss and reputational damage.


This is a senior and visible role within the SSE organisation, where the role holder will be accountable for ensuring the SSE Group discharges its technology and cyber risk obligations whilst also ensuring that all risks and controls are managed and ultimately the Group is not adversely impacted.


The role holder will work collaboratively with senior IT, Business stakeholders and governance and control boards (Group Audit and Risk Committees and BU Excos) to define, communicate and measure key risk and controls for IT, maintained in line with business risk appetite.

At SSE we operate a three lines of defence model. This role will interface with Group Risk and Audit (3rd line) whilst being accountable for overseeing the effectiveness of the first and second lines of defence.

Key Accountabilities

  • Provide management and leadership of the Governance, Risk and Compliance Function including accountability for Tech and Cyber Risk.
  • Accountable for the Technology Risk framework covering Technology Resilience, Cyber and Data Management governance, risk and assurance objectives.
  • Ensuring that IT, Cyber and Supply Chain risk management is comprehensive and aligned to SSE's business strategy and risk appetite.
  • Accountable for compliance management for Technology, Cyber and Supply Chain risks that may impact SSE IT operations, change the delivery of the IT business strategy, or present a threat to SSE's risk appetite or compliance status.
  • Make recommendations on design and build of robust GRC solutions and controls to enable delivery of the IT / business strategy. You will also drive audit and testing assurance programmes to ensure IT, Cyber and Third Party controls are compliant with regulatory requirements as well as internal standards and policies.
  • Accountable for first line risk and assurance governance objectives, ensuring accurate management information and reporting from Operational committees through to Board.
  • Develop and deliver automated metrics and reports that provide a real-time compliance 'dashboard' for use at all levels of the organisation and enable tangible and visible risk reduction.

What do I need?
To be considered for this role, we would love you to have:

  • Considerable experience of previously leading an IT GRC function.
  • Experience in establishing technology and security governance and controls to protect the organisation's information resources, in the most effective and efficient manner, in pursuit of its business objectives.
  • Significant experience in managing and assessing the effectiveness and coverage of organisational Technology and Security Policies, ensuring they are up to date, complete, and aligned to business risk. You should also have significant experience in defining and collecting operational and assurance metrics for regular reporting to the Governance Committees and Executive Leadership Teams.
  • Experience of partnering with business stakeholders to capture, monitor changes in scope, and regularly audit high-risk organisational third parties to deliver improved risk outcomes.
  • Experience in providing leadership, direction, and guidance in assessing and evaluating information security risks, monitoring compliance to security standards and appropriate policies (SANS, CIS, NIST, Cyber Essentials etc.)

About our Business
SSE IT underpins the technology needs of all the different businesses that make up the SSE group.

From emerging technologies to data and analytics to cyber security - we power SSE's growth and enable it to generate value, while keeping it secure.

As a trusted business partner that helps SSE lead in a low carbon world, we are proud of our service.

Working for SSE IT is all about equipping SSE for now and the future.

**What's in it for
