Glasgow, Glasgow City, Scotland
Summary: The Cyber Risk and Assurance Analyst role at Scottish Power involves supporting the Cyber Governance, Risk and Assurance team in delivering Cyber Risk and Assurance services. The position focuses on conducting cyber risk assessments, managing third-party risks, and ensuring compliance with regulatory requirements. Analysts will engage with various stakeholders to track and report on risk management activities and assurance plans. This is a critical role for a 3-month project based in Glasgow.
Key Responsibilities:
- Conduct comprehensive BAU and Change Delivery cyber risk assessments for SPEN IT and OT assets.
- Coordinate approval of cyber risk assessments and strategies by stakeholders.
- Track and support delivery of mitigation or treatment strategies.
- Maintain the Cyber Risk Register with regular reviews and reporting.
- Produce risk reports for stakeholder groups.
- Develop CAF Assurance Plans and conduct planned assurance activities.
- Support Capability and Control Owners with self-assessments.
- Deliver Cyber Risk training, including methodology and tooling.
Key Skills:
- Minimum 2 years’ experience in cyber risk assessments and/or cyber assurance activities.
- Professional qualification in cyber risk management, audit, or compliance (e.g., CRISC, CISA) desirable.
- Experience with structured management systems, including ISO27001.
- Understanding of IT and OT cybersecurity principles and frameworks (e.g., NCSC CAF, NIST CSF).
- Awareness of regulatory requirements such as NIS Regulation.
- Experience with Archer GRC solution or other GRC solutions desirable.
- Excellent analytical, problem-solving, and communication skills.
- Ability to work collaboratively in a cross-functional team environment.
- High integrity and emotional maturity.
Salary (Rate): undetermined
City: Glasgow
Country: Scotland
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: Other