This job post is expired and is no longer taking new applicants.

Information Security Risk Analyst

Location
United Kingdom
Centrica

Job Description

We are Centrica! We’re so much more than an energy company. We’re a family of brands revolutionising a cleaner, greener future. Working here is #MoreThanACareer - we’re powered by purpose. Together we can make an impact that will truly change tomorrow. Whether you’re developing cutting-edge green tech, helping customers on the front line or simplifying operations behind the scenes.

Your work here isn’t just a job – it’s a mission. We all play a vital role in energising a greener, fairer future.

An opportunity to play your part – The successful candidate will join the Centrica Centre of Excellence dedicated to managing Cyber and Information Security Risk. This team serves as the second line of defence within the Group IT function, Digital Technology Services (DTS).

Your role involves facilitating collaboration between the team, DTS, and Centrica business units. Together, you will ensure the identification and effective management of Cyber and Information Security risks, safeguarding Centrica's customers, data, services, and systems.

Working alongside the Cyber and Information Security Risk Manager, you will conduct analytical assessments on Risk Posture and appetite to keep the Board of Directors informed about current threats and the security landscape. Additionally, you'll contribute to managing the Technology risk posture across the entire Centrica group.

Location: UK (talk to us about flexible working)

The day to day –

  • Aid in the implementation of the Information Security risk framework, ensuring prompt assessment and management of security risks, including threat evaluations and control measures.
  • Ensure that Information Security risks align with the risk appetite, either through treatment or acceptance protocols.
  • Collaborate with IT teams to identify and evaluate Information Security risks, particularly Cyber risks.
  • Conduct regular assessments of Information Security risks related to key services, third-party relationships, and regulatory obligations, overseeing the monitoring of remediation plans.
  • Classify services based on their Confidentiality, Integrity, and Availability criteria.
  • Utilize outcomes from Information Security risk assessments to pinpoint control deficiencies and weaknesses, providing guidance to enhance control effectiveness through strategic and change initiatives.
  • Engage with business units to grasp their primary Information Security risks and establish actions to mitigate, monitor, and enhance control measures.
  • Compile quarterly IT Risk submissions for business units and liaise with Group-level risk functions on Information Security risk matters.
  • Communicate risks and recommendations to senior leadership using non-technical language, considering cost-effectiveness to ensure Information Systems security.
  • Support Legal and Compliance teams, particularly in areas such as Data Protection and Privacy, regarding Information Security risks.
  • Stay abreast of external security landscapes and emerging trends to inform Information Security risk management strategies.

About you –

  • Ideally possess experience in a Cyber Security risk function, or alternatively, at least three years of experience within 2nd or 3rd line roles.
  • Able to demonstrate capability in conducting Cyber Security risk assessments in accordance with established industry frameworks.
  • Proficient in modelling threat scenarios to identify Cyber Security threats stemming from new or evolving systems and applications.
  • Skilled in facilitating workshops with senior stakeholders from diverse backgrounds to identify and assess Cyber Security risks, assigning appropriate risk ratings.
  • Familiarity with Operational Technology (OT), Internet of Things (IoT), and Cloud Cyber Security threats, controls, and risks is advantageous but not mandatory.
  • Proficient in creating communication materials and reports tailored for C-suite executives and senior leadership.
  • Capable of producing effective reports for C-suite executives and conducting briefings with both technology and business leaders.
  • Experience in administering Governance, Risk, and Compliance (GRC) tools and methodologies.

What’s in it for you –

  • Competitive salary and bonus potential.
  • Employee Energy Allowance at 15% of the government price cap.
  • Pension scheme.
  • Company Funded Healthcare Plan.
  • 25 days holiday allowance, plus public holidays, and the option to buy up to 5 additional days.
  • Excellent range of flexible benefits, including technology vouchers, electric car lease scheme & travel insurance.

At Centrica we embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. To build a more sustainable future, we need the best team – a team with a diverse mix of people and skills, where everyone feels welcome and able to succeed. We are dedicated to helping close the diversity gap and would love to see more females, people of colour and LGBTQ+ employees, as well as those from a variety of cultures and ethnicities, veterans and the differently abled. Supporting diversity and inclusion is a big part of who we are; we are not looking for people to fit into our culture but to add to it!

PLEASE APPLY ONLINE by hitting the 'Apply' button.

Applications will ONLY be accepted via the ‘Apply’ button.

This role is being handled by the Centrica recruitment team and NO agency contact is required.

Advice from our career coach

A successful applicant for this Cyber and Information Security Risk role with Centrica should be well-versed in conducting Cyber Security risk assessments, collaborating with various stakeholders to identify and assess risks, and effectively communicating risk and mitigation strategies to senior leadership. To stand out as an applicant, consider the following tips:

  • Demonstrate your experience in Cyber Security risk functions or related roles to showcase your expertise.
  • Show proficiency in conducting Cyber Security risk assessments according to industry frameworks.
  • Highlight your ability to model threat scenarios and assess evolving Cyber Security threats.
  • Emphasize your experience in facilitating workshops with senior stakeholders from diverse backgrounds.
  • If applicable, mention any familiarity with Operational Technology, Internet of Things, and Cloud Cyber Security threats.
  • Showcase your skills in creating tailored communication materials and reports for C-suite executives.
  • Detail your experience with Governance, Risk, and Compliance tools and methodologies.
  • Highlight any experience in producing effective reports and briefings for both technology and business leaders.


About the job

May 22, 2024

Full-time

United Kingdom (GB)
