Location
- Warwick, Warwickshire
Job types
- Permanent
Salary
£60000 - £62000 per annum
Functions
- Analyst
Seniority
- Mid-level
Technologies
- AWS
Job reference
BBBH105250_1725361639
OT Risk Analyst (Warwick)
Job Purpose:
- Responsible for managing, leading, controlling, and supporting the GT&M Security Risk process, inclusive of physical, OT, CNI and IT environments.
- Managing and developing a new GT&M security risk framework covering business, supply chain and operational risk management.
- Representing security risk on the central GT&M enterprise risk working group.
- Ensuring stakeholders, including senior leaders, are fully engaged with the security risk framework.
- Collating various metrics and systems, including business, IT, Systems Operator and Transmission Operator risk, to provide a single risk view.
- Adhering to all Gas Transmission and Metering IT and Security Risk standards and procedures as determined by the GT&M risk governance team.
- Defining Risk Management Information and Key Risk Indicators for all levels of the business.
- Acting as point of contact for periodic risk assessments and risk audits with external government entities, including NIS annual assessments.
- Identifying new or changed risks including risk mitigation steps as part of a cohesive risk management plan.
Key Accountabilities:
- plan, design and implement an overall security risk management process in line with CISO expectations
- undertake risk assessments, analysing risks, identifying and estimating risk criteria
- evaluate risk by benchmarking estimated risks with established risk criteria
- establish and quantify Security and Business Risk appetite
- report risk at various levels and for differing audiences
- liaise with external risk governance including risk obligations under the NIS Regulations (CAF)
- provide risk analysis to support regulatory submissions
- liaise with legal, procurement and contract business functions supporting customer and supplier risk assessments
- provide risk insight for company insurance policies including IT and cyber risk
- conduct policy and process assessments and audits
- provide support, education and training advice to build risk awareness
- support risk reduction programmes and monitor and define benefits realisation
Previous Knowledge and Experience:
- Extensive knowledge of Risk Management, including the establishment of new risk management frameworks
- An understanding of Business, IT and Cyber risk
- Proven leadership, stakeholder management, communication and presentation skills
- A good track record of solving complex problems, with resilience and the ability to cope under pressure
- Demonstrable technical acumen, analytical and planning skills with a focus on detail
- Commercial and financial awareness
- CISM, IRM, IIA or equivalent experience