Overview

Cyber Risk and Assurance Analyst

ScottishPower HQ, Glasgow

Salary from £44,000 to £55,000 (D.O.E) per annum plus excellent benefits

Flexible Hybrid Working

Closing Date: 5 October 2025

Help us create a better future, quicker

At the heart of all business visions and activities are the people whose individual efforts and performance make it happen. We encourage our people to be proud of where they work, to share their ideas and to own their careers. We promote a safe working environment and push people to shape and progress their careers so that we grow our talent within the company.

ScottishPower Energy Networks (SPEN) has kicked off an ambitious security transformation programme to transparently reduce risk, achieve compliance with NIS regulations and deliver a cyber resilient business, the Risk and Assurance Analyst will be essential in achieving our goals.

A Risk and Assurance Analyst within SP Energy Networks (SPEN) plays a critical role in supporting SPEN Cyber's mission to maintain robust cybersecurity governance, manage cyber risks effectively, and deliver assurance across IT and OT environments.

This postholder is central to ensuring compliance with regulatory frameworks such as the NCSC Cyber Assessment Framework (CAF), and internal policies and standards. The Cyber Risk & Assurance analyst will collaborate with stakeholders across the business to embed cyber governance practices, assess and mitigate risks, and provide assurance on the effectiveness of cyber controls and capabilities.

The role offers exposure to a wide range of cybersecurity disciplines within a dynamic and regulated energy sector environment.

What you'll be doing

Within this position, you will be responsible for:

• Executing the full Third Party Risk Management (TPRM) lifecycle, including onboarding, control evaluation, and ongoing monitoring of third-party engagements.
• Maintaining and updating supplier inventory, contribute to supplier segmentation and tiering, and support continuous improvement of TPRM frameworks and methodologies.
• Collaborating with cross-functional teams (IT, Legal and Procurement) to embed risk mitigation strategies across supplier engagements.
• Assessing the design and operational effectiveness of key controls, ensuring alignment with regulatory requirements, internal policies, and in accordance with ISO 27001 and IEC 62443 standards.
• Coordinating cyber assurance reviews for strategic suppliers, identifying control gaps, assessing remediation plans, and tracking actions to closure.

• Risk: Supporting Cyber Risk Owners in documenting and managing risks within the enterprise risk management system.
• Contributing to risk reporting and escalation processes, ensuring visibility of key cyber risks to senior leadership.

• Assurance: Maintaining and updating the CAF Evidence Repository and dashboard reporting of attainment status.
• Coordinating with second and third lines of defence for sample testing and audit engagements.
• Tracking and reporting on assurance activities such as penetration testing and audit actions.
• Providing assurance input for change initiatives and regulatory compliance assessments.

What you'll bring

Technical Skills:

• Minimum 3 years experience in cyber risk management, or assurance activities within a regulated environment.
• Professional qualification related to cyber risk management, audit or compliance such as CRISC or CISA desirable.
• Experience of working with a structured management systems and compliance environments, including ISO27001.
• Understanding of IT and OT cybersecurity principles, frameworks and best practices such as NCSC CAF, ISO27001, MITRE or NIST CSF.
• Proficiency in risk assessment methodologies and assurance planning.
• Awareness of regulatory requirements, such as NIS Regulation.
• Professional certifications such as SSCP, CISM, CISA, or similar are advantageous but not mandatory.

• Personal Skills/Abilities: Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively in a cross-functional team environment.
• Excellent communication skills.
• Ability to build effective relationships with key stakeholders.
• Ability to adapt quickly to change and support others in this process.
• High integrity and emotional maturity.
• Creative flair is encouraged.
• Ability to interpret technical information and communicate effectively with both technical and non-technical stakeholders.

As a minimum, you will need to demonstrate:

• 2 years of working in a regulated environment, preferably in industrial sectors (energy or otherwise).
• Experience of working as part of a team within a fast-paced and evolving business.
• Excellent oral and written communication skills.
• Must be a proven collaborator to work, promote and consolidate efficient team working relationships.

What's in it for you

As well as a competitive salary which is reviewed annually, you can also enjoy a number of other benefits. With our pension scheme, we'll double match your contribution up to a company contribution of 10%.

At ScottishPower, we believe it's the little things we do in life that make a big difference. From helping you look after your family's wellbeing, save for your future and take personal steps for climate action - our benefits are designed to help you do just that - so that you have everything you need to take care of your world - today and tomorrow. That's why our benefits include:

• 36 days annual leave
• Holiday purchase - perfect your work/life balance with extra annual leave
• Share Incentive Plan and Sharesave Scheme
• Payroll giving and charity matched funding
• Technology Vouchers - save more and spread the cost of your technology purposes
• Count us in - pledge to reduce carbon emissions and help fight climate change
• Electric Vehicle Schemes - to help you transition to green/clean driving
• Cycle to Work scheme and public transport season ticket loans
• Options to purchase dental insurance, private medical insurance, health cash plan and annual health assessments
• Life Assurance (4x salary)
• Access to SmartSave financial wellbeing support
• Plus shopping, leisure, restaurant and gym discounts, and unique employee deals on travel insurance and more

Why SP Energy Networks

SP Energy Networks is part of the Iberdrola Group, one of the world's largest integrated utility companies and a world leader in wind energy. We keep electricity flowing to homes and businesses through Central and Southern Scotland, North Wales and in the North West of England. We operate over 4000km of cables and lines that make-up the transmission network - connecting infrastructure like wind farms into the electricity system. It's a role that puts us right at the heart of Scotland's ambition to be Net Zero by 2044. And we're taking it very seriously. We're investing £5.5 billion into our transmission network, directly supporting the rapid growth needed in renewable energy. With diverse opportunities across our businesses and a commitment to invest in our own internal talent, ScottishPower can offer people real career opportunities that meet personal and professional goals, in a global organisation.

Inclusion, diversity, and a social purpose are at the heart of everything we do. Together with our values, they bring us together into a stronger, more sustainable business with direct links to the communities we serve. It takes all kinds of people to build a large-scale business like ours, so whatever your background, you'll fit right in.

We are committed to providing reasonable support or adjustments in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions, or who are neurodivergent or require pregnancy-related support. If you need support, please reach out to careers scottishpower.com.