Senior Compliance Manager
Premium Job From Experis IT
Recruiter: Experis IT
Listed on: 20th September
Location: London
Type: Permanent
Start Date:
Reference: BBBH110837_1568979921
Contact Name: Aaron Madray

Senior Compliance Manager - London

Purpose

The role will be working in the CA function reporting to the Head of CA Assurance.

The key purpose of this role is to monitor, support, report and instruct against the regulatory framework to ensure operational systems and networks, owned and/or managed by Operators of Essential Services, in the energy sector in Great Britain, remain resilient against cyber and related security threats.

Responsibilities

  • Accompany the auditors during inspections and record findings
  • Conduct random audit inspections of operators, or inspections on new audit request
  • Demystify subjectivity between the auditors
  • Manage the auditor pool by assigning, scheduling and prioritising audits, providing clear plans/instructions so that inspections are carried out on time.
  • Maintain a record of all audit inspections, managing the inspection reports, providing analysis and outcomes.
  • Provide scrutiny of audit reports, assessment reports, improvement plans and incident reports.
  • Support the drafting or review of the framework, policies, procedures and risk assessments where necessary for Ofgem to operate as Competent Authority.
  • Engage with government bodies and attend forums and events to understand the threat landscape for the sector.
  • Escalate non-compliance and offer advice to support a balanced penalty process.
  • Collate and formulate sector wide risk view.
  • Record outputs and decisions from audits and meetings, including any incidents, which may form part of an enforcement process.
  • Provide compliance on the Smart Metering programme, including but not limited to: monitoring supplier compliance; monitoring the governance board; monitoring and contributing to any proposals for modifications/changes; developing briefings for the governance board; and sharing intelligence with OGD stakeholders.

Skills / Experience

Essential:

  • 3 years' minimum experience in security auditing/inspection.
  • Educated to degree level or equivalent in a cyber, engineering or technology-based discipline.
  • Hold one or more professional qualifications in ISO27001:2013 Lead Auditor, CISA or equivalent.
  • Must demonstrate that you have recent and relevant skills and experience in all the following areas:
    • Conducting audit inspections of environment for critical national systems, IT, IS, OT or national headline services;
    • Performing security risk assessments;
    • Writing and reviewing audit reports and Risk Treatment Plans (RTP);
    • Conducting security risk and audit analysis of associated critical systems, OT, Control Systems or headline services; and
    • Implementing processes for dealing with and managing security incidents
    • Knowledge of ISO27001:2013 or IEC62443 series in critical infrastructure and challenges faced with introducing security controls
    • An effective and engaging communicator, with experience working effectively with key external stakeholders
    • Either holds, or is able to achieve, SC clearance

Desirable:

  • Certified to ISO27001 Implementer, GICSP, CRISC or equivalent
  • Experience of auditing in an ICS/OT environment
  • Knowledge of IEC62351 and/or NIST framework
  • Knowledge and/or exposure to SEC and SMETS1/SMETS2
  • Coordinating incident response internally and externally


