Principal Accountabilities
Information Security
- Develop, implement, and maintain information and cyber security policies, standards, and procedures
- Ensure alignment with recognized frameworks (ISO 27001, NIST CSF, CIS Controls)
- Conduct risk assessments across IT, cloud, and Operational Technology (OT) environments
- Support incident response planning and continuous improvement of security controls
- Embed secure-by-design principles into infrastructure and operational systems
Data Governance
- Establish and maintain an enterprise data governance framework
- Define and enforce data classification, handling, retention, and protection standards
- Ensure compliance with international data protection regulations including GDPR, UK Data Protection Act, and applicable US privacy laws
- Promote data ownership, stewardship, and accountability across business units
- Support data quality, integrity, and lifecycle management
Compliance & Regulatory Oversight
- Ensure compliance with applicable cybersecurity, data governance, and energy sector regulations
- Lead and support internal and external audit activities, including evidence collection and remediation tracking
- Maintain enterprise risk registers and compliance reporting
- Continuously monitor global cyber and data regulatory changes
- Assess impact of regulatory developments and update internal policies, standards, and procedures accordingly
- Ensure compliance is maintained across all regions of operation
Cybersecurity Awareness & Training
- Design and deliver enterprise cybersecurity awareness programmes
- Conduct phishing simulations and risk-based awareness campaigns
- Tailor training for corporate and operational (OT) environments
- Measure effectiveness and drive continuous improvement in user behaviour
Governance & Advisory
- Act as subject matter expert and advisor on security, governance, and compliance matters
- Administer and support third-party/vendor risk management programme
- Provide reporting and insights to leadership on security posture, regulatory changes, and risk exposure
- Contribute to the continuous improvement of governance, risk, and compliance (GRC) capability
- Serve as a member of the change management board and contribute to the change management process
Qualifications and Experience
Required
- Significant experience in information security, cybersecurity GRC, or IT governance roles
- Proven experience implementing data governance frameworks
- Strong understanding of international data protection and cybersecurity regulations
- Experience working within regulated environments
- Familiarity with ISO 27001, NIST, or equivalent frameworks
- Experience supporting audit and compliance processes
Desired
- Experience in the energy, utilities, or critical infrastructure sector
- Exposure to Operational Technology (OT) environments
- Professional certifications (e.g., CISSP, CISM, CRISC, CISA, CDMP)
- Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, MetricStream)
HSE Responsibilities
- Stop work by challenging and halting unsafe acts, behaviours, or conditions.
- Comply with the Standard Operating Procedures defined in the Responsibilities above and with the company STOP WORK system.
- Ensure that cybersecurity considerations support safe and reliable operational environments, particularly within OT systems.
Competencies
- Risk & Compliance Expertise: Strong understanding of regulatory and governance frameworks
- Analytical Thinking: Ability to assess and mitigate complex risks
- Stakeholder Engagement: Ability to influence across technical and business teams
- Communication: Clear communication of technical and regulatory requirements
- Autonomy: Operates independently with accountability for outcomes
- Continuous Improvement: Proactively adapts to changing regulatory and threat landscapes
Any Other Information
- This is a senior individual contributor role with no direct reports
- The role operates across multiple jurisdictions with varying regulatory requirements