Head of Cyber Governance, Risk and Compliance

Head of Cyber Governance, Risk and Compliance

London | Hybrid | Full-time | Personal Contract

Competitive pension scheme – Enhanced maternity/paternity pay – Life assurance – Holiday Plus – Cycle2work Scheme & more

REQ
5121

As a strategic leader in Governance, Risk and Compliance, you will guide SGN’s cyber security and regulatory approach, ensuring our operations remain secure, resilient and fully compliant.

• Lead and manage the GRC team, aligning cyber and business goals while ensuring compliance with NIS-R, ISO
  27001/2, and NIST-2.
• Oversee delivery plans, resource allocation, and stakeholder engagement for GRC initiatives.

• Develop and maintain SGN’s Information Security training and awareness materials.
• Integrate lessons learned from incidents and address feedback from training delivery.

• Maintain a robust portfolio of security policies, standards, and procedures to support ISO
  27001, NIST, and NIS eCAF compliance.
• Ensure policies are current, reviewed regularly, and approved by key stakeholders.
• Manage SGN’s Information Security Management System (ISMS) and policy exceptions.

• Monitor and report on compliance across SGN and third-party partners.
• Lead assurance reviews and support internal/external audits for ISO
  27001, NIST, and NIS.
• Own NIS submissions to OFGEM and support regulatory consultations and audits.

• Oversee risk assessments and reporting across Cyber, OT, and Gas Control.
• Establish and enforce risk management processes and reporting to the CISO.

• Provide expert advice on information security risks and controls.
• Maintain relationships with external bodies and represent SGN in relevant forums.

• Oversee security performance indicators and ensure timely reporting to internal and external stakeholders.
• Manage bi-monthly phishing tests and remediation actions.

• Ensure compliance with legal and regulatory changes, advising on business impact.
• Support funding documentation for RIIO2 & RIIO3 programmes.
• Track and report on audit actions and outcomes

Required Qualifications

• The individual should be educated to degree level in a relevant discipline. Must be one of CISM/CISSP/CISA/TOGAF/CRISC.
• Must have 5 years’ cyber security experience.
• Must have proven expertise in Compliance Management, Information Security Risk and Audit.
• Individual Competencies
• Excellent understanding and hands‑on experience of working with Regulators and providing compliance updates for an OT environment.
• Excellent understanding of the NIS Regulations and the NCSC Cyber Assessment Framework.
• Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC security principles, NIST Framework, ISO 27001, ISO
  27005, IEC
  62443 etc.
• Excellent command of written English.
• Strong interpersonal and relationship building skills.
• The role will require Security Clearance.

If you require any accommodations or support during the application process, reach out to us. We’re here to help ensure an inclusive and accessible experience for everyone.