Senior Compliance Manager - London
The role will be working in the CA function reporting to the Head of CA Assurance.
The key purpose of this role is to monitor, support, report and instruct against the regulatory framework to ensure operational systems and networks, owned and/or managed by Operators of Essential Services, in the energy sector in Great Britain, remain resilient against cyber and related security threats.
- Accompany the auditors during inspections and record findings
- Conduct random audit inspections of operators, or inspections in response to new audit requests
- Resolve subjective differences in judgement between auditors
- Manage the auditor pool, assigning, scheduling and prioritising audits and providing clear plans/instructions so that inspections are completed on time.
- Maintain a record of all audit inspections, managing the inspection reports, providing analysis and outcomes.
- Provide scrutiny of audit reports, assessment reports, improvement plans and incident reports.
- Support the drafting or review of the framework, policies, procedures, risk assessments where necessary for Ofgem to operate as Competent Authority.
- Engage with government bodies and attend forums and events to understand the threat landscape for the sector.
- Escalate non-compliance and offer advice to support a balanced penalty process.
- Collate and formulate a sector-wide risk view.
- Record outputs and decisions from audits and meetings, including any incidents which may form part of an enforcement process.
- Provide compliance oversight of the Smart Metering programme, including but not limited to: monitoring supplier compliance; monitoring the governance board; monitoring and contributing to any proposals for modifications/changes; developing briefings for the governance board; and sharing intelligence with OGD stakeholders.
Skills / Experience
- 3 years' minimum experience in security auditing/inspection.
- Educated to Degree level or equivalent in a cyber, engineering or technology-based discipline or equivalent.
- Hold one or more professional qualifications in ISO27001:2013 Lead Auditor, CISA or equivalent.
- Must demonstrate recent and relevant skills and experience in all the following areas:
  - Conducting audit inspections of environments for critical national systems, IT, IS, OT or national headline services;
  - Performing security risk assessments;
  - Writing and reviewing audit reports and Risk Treatment Plans (RTPs);
  - Conducting security risk and audit analysis of associated critical systems, OT, control systems or headline services; and
  - Implementing processes for dealing with and managing security incidents.
- Knowledge of ISO27001:2013 or IEC62443 series in critical infrastructure and challenges faced with introducing security controls
- An effective and engaging communicator, with experience working effectively with key external stakeholders
- Either holds, or has the ability to achieve, SC clearance
- Certified to ISO27001 Implementer, GICSP, CRISC or equivalent
- Experience of auditing in an ICS/OT environment
- Knowledge of IEC62351 and/or NIST framework
- Knowledge and/or exposure to SEC and SMETS1/SMETS2
- Coordinating incident response internally and externally