Risk & Controls Analyst

SSE has big ambitions to be a leading energy company in a low carbon world. Following our commitment to invest £20.5 billion in low carbon projects to 2027, we have significant growth plans and are well on our way to achieving our ambition to build a world that's more sustainable and inclusive for you, your family, the community you live in and for generations to come.

Join us on our journey to net zero and help us power change.

About the Role

Base Location: Glasgow, Perth, Reading or Havant.

Salary: £33,500 - £50,300 + performance-related bonus + a range of benefits to support your finances, wellbeing and family.

Working Pattern: Permanent | Full Time | Flexible First options available

What is the role?

Are you passionate about safeguarding IT systems, mitigating risks and developing controls? We are seeking a detail oriented Risk & Controls Analyst to play a vital role in identifying, assessing, and managing IT operational risk & controls. Working within the Group Technology Services (GTS) Risk & Compliance team, you will assess potential vulnerabilities, develop robust mitigation strategies, and ensure accurate reporting to senior stakeholders. Additionally, you'll champion a strong risk-aware culture by educating colleagues on best practices, all while leveraging the Group Enterprise Risk Management Framework to protect our systems and data from evolving threats.

Key Responsibilities include: 

- Risk Analysis: Assisting GTS stakeholders with IT operational risk assessments to identify potential vulnerabilities and threats to our IT systems and infrastructure. This involves analysing the impact and likelihood of risks and evaluating the effectiveness of existing controls using the Group Enterprise Risk Management Framework.

- Risk Mitigation: Working with the GTS Risk & Compliance Lead, Risk Manager, Compliance & Controls Manager and Risk Raisers and Owners to develop and suggest mitigation plans and strategies based on the analysed risk, to minimise their likelihood and impact. This may involve developing policies, procedures, and controls to address specific risks, such as data breaches, system failures, or cyber-attacks.

- Risk & Controls Reporting: Providing the GTS Risk & Compliance Lead, Risk Manager and Controls & Compliance Manager with up-to-date, accurate and reliable information on risk and their profile to feed in to monthly and quarterly reporting to senior management and stakeholders.

- Training and Awareness: Promote a Risk Culture to educate colleagues and stakeholders on IT risks and best practices. This includes promoting a culture of security awareness and ensuring that employees understand their role in protecting our IT systems and data.

What do I need?

Some important behaviours for a Risk & Controls Analyst include being detail-oriented, proactive, ethical, and having a strong sense of integrity. You should be able to prioritise tasks and work well under pressure. While pre-requisite knowledge of risk & controls management would be desirable, it is not essential. Having the following would help you succeed in this role:

- A solid background in information technology and an understanding of various IT systems, infrastructure, and technologies and how these interact with each other to effectively assess IT-related risks. Familiarity with cybersecurity, data protection, and IT governance frameworks would be beneficial such as ITIL, COBIT, ISO, NIS and NIST. 

- Analytical and Problem-Solving Skills: You need to be an analytical thinker who can assess complex situations, identify root causes, and propose effective solutions. Strong problem-solving skills are necessary to analyse IT risks in a proactive and systematic manner.

- Communication and Collaboration: Effective communication skills are vital; you will be interacting with stakeholders at all levels of the organisation. You must be able to articulate complex IT risks and their impacts in a clear and concise manner. Collaboration skills are also important for working with cross-functional teams, such as IT, legal, compliance, security and senior leadership.

- Adaptability and Continuous Learning: The IT landscape is constantly evolving, and new risks and technologies emerge regularly. A Risk Analyst should be adaptable to change and willing to continuously update their knowledge and skills. Staying informed about emerging threats, industry best practices, and regulatory changes is essential to effectively analyse and manage IT risks.

About our Business

SSE IT underpins the technology needs of all the different businesses that make up the SSE group. From emerging technologies to data and analytics to cyber security - we power SSE's growth and enable it to generate value, while keeping it secure. As a trusted business partner that helps SSE lead in a low carbon world, we are proud of our service. Working for SSE IT is all about equipping SSE for now and the future.

What's in it for you?

We offer an excellent package with 34 days annual leave entitlement. Enhanced maternity/paternity leave, discounted healthcare, salary sacrifice car leasing and much more, view our full benefits package on our careers site.

As an equal opportunity employer we encourage diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all protected characteristics and commit to providing any reasonable adjustments you need during the application, assessment and upon joining SSE. Search for 'Inclusion & Diversity at SSE' to find out more.

Further actions

All applications should be made online, and I'll be back in touch after the vacancy closing date to let you know the outcome.

If you would like to discuss any working flexibly requirements or adjustments you may require throughout the recruitment and selection process, please contact David on David.Brickell@sse.com / 01738 275846.

Before commencing your role with SSE, you'll need to complete our pre-employment screening process. This will consist of a criminality and credit check.

#LI-DB1

#LI-Hybrid