Technology Risk Analyst

at  Centrica

We are Centrica! We’re so much more than an energy company. We’re a family of brands revolutionising a cleaner, greener future. Working here is #MoreThanACareer - we’re powered by purpose. Together we can make an impact that will truly change tomorrow. Whether you’re developing cutting-edge green tech, helping customers on the front line or simplifying operations behind the scenes.
Your work here isn’t just a job – it’s a mission. We all play a vital role in energising a greener, fairer future.

ACCOUNTABILITIES

• Assist in implementing the Technology risk and Controls framework and ensures timely assessment and treatment of security risks
• Ensure Technology risks are either treated or accepted in accordance with the risk appetite
• Works with the IT teams to identify and assess Technology risks including Cyber and InfoSec risks
• Ensure periodic Technology risk assessments of key services, third parties and regulatory commitments are performed, and remediation plans are monitored
• Ensure services are assessed and classified based on their Confidentiality, Integrity, and Availability
• Work with the IT/OT teams to understand their key Technology risks and agree the actions to mitigate or monitored and improve their controls
• Produce the quarterly IT Risk submission for the business units and working with Group level risk functions on Technology risk
• Inform senior leadership of risks and recommendations in non-technical terms, considering cost/benefit, to ensure security of Information Systems
• Support Legal and Compliance teams e.g. Data Protection and Privacy, as regards to Technology risks
• Understand the external security environment and emerging trends to support Technology risk management

WHAT WE NEED FROM YOU

• Strong knowledge of Technology risk and Control assessment methods/ Technology Audit
• Strong knowledge of Information Security technologies, such as identity and access management, encryption, and multi-factor authentication
• Understanding of power utilities, retail energy, and oil & gas industry trends and emerging threats would be useful but not essential
• Ability to draw upon external network to understand emerging Cyber Security threats and events
• Knowledge of internal and/or external regulatory policies, standards, procedures, and controls (e.g., COBIT, COSO, NIST, ISO27xx)
• Ability to drive technical consensus and facilitate agreements with challenging stakeholders
• Ability to understand business visions and strategy
• Strong communication (oral and written) and conflict management skills
  Education/ Certification: CISA, CRISC or other similar qualification (desirable)

AT CENTRICA WE EMBRACE DIVERSITY AND ACTIVELY SEEK TO ATTRACT INDIVIDUALS WITH UNIQUE BACKGROUNDS AND PERSPECTIVES. TO BUILD A MORE SUSTAINABLE FUTURE, WE NEED THE BEST TEAM – A TEAM WITH A DIVERSE MIX OF PEOPLE AND SKILLS, WHERE EVERYONE FEELS WELCOME AND ABLE TO SUCCEED. WE ARE DEDICATED IN HELPING TO CLOSE THE DIVERSITY GAP AND WOULD LOVE TO SEE MORE FEMALES, PEOPLE OF COLOUR AND LGBTQ+ EMPLOYEES, AS WELL AS THOSE FROM A VARIETY OF CULTURES AND ETHNICITY TO VETERANS AND THE DIFFERENTLY ABLED. SUPPORTING DIVERSITY AND INCLUSION IS A BIG PART OF WHO WE ARE, WE ARE NOT LOOKING FOR PEOPLE TO FIT INTO OUR CULTURE BUT TO ADD TO IT!

PLEASE APPLY ONLINE by hitting the ‘Apply’ button.
Applications will ONLY be accepted via the ‘Apply’ button.
This role is being handled by the Centrica recruitment team and NO agency contact is required

Please refer the Job description for details