sesenergy

Information Security & Data Governance Lead (UK)

Company

sesenergy

Role

Information Security & Data Governance Lead (UK)

Job type

Full-time

Found on Mokaru

2 weeks ago

Salary

Not disclosed by employer

Job description

Principal Accountabilities

Information Security

  • Develop, implement, and maintain information and cyber security policies, standards, and procedures
  • Ensure alignment with recognized frameworks (ISO 27001, NIST CSF, CIS Controls)
  • Conduct risk assessments across IT, cloud, and Operational Technology (OT) environments
  • Support incident response planning and continuous improvement of security controls
  • Embed secure-by-design principles into infrastructure and operational systems

Data Governance

  • Establish and maintain an enterprise data governance framework
  • Define and enforce data classification, handling, retention, and protection standards
  • Ensure compliance with international data protection regulations including GDPR, UK Data Protection Act, and applicable US privacy laws
  • Promote data ownership, stewardship, and accountability across business units
  • Support data quality, integrity, and lifecycle management

Compliance & Regulatory Oversight

  • Ensure compliance with applicable cybersecurity, data governance, and energy sector regulations
  • Lead and support internal and external audit activities, including evidence collection and remediation tracking
  • Maintain enterprise risk registers and compliance reporting
  • Continuously monitor global cyber and data regulatory changes
  • Assess impact of regulatory developments and update internal policies, standards, and procedures accordingly
  • Ensure compliance is maintained across all regions of operation

Cybersecurity Awareness & Training

  • Design and deliver enterprise cybersecurity awareness programmes
  • Conduct phishing simulations and risk-based awareness campaigns
  • Tailor training for corporate and operational (OT) environments
  • Measure effectiveness and drive continuous improvement in user behaviour

Governance & Advisory

  • Act as subject matter expert and advisor on security, governance, and compliance matters
  • Administer and support third-party/vendor risk management programme
  • Provide reporting and insights to leadership on security posture, regulatory changes, and risk exposure
  • Contribute to the continuous improvement of governance, risk, and compliance (GRC) capability
  • Member of change management board and contributor to change management process

Qualifications and Experience

Required

  • Significant experience in information security, cybersecurity GRC, or IT governance roles
  • Proven experience implementing data governance frameworks
  • Strong understanding of international data protection and cybersecurity regulations
  • Experience working within regulated environments
  • Familiarity with ISO 27001, NIST, or equivalent frameworks
  • Experience supporting audit and compliance processes

Desired

  • Experience in the energy, utilities, or critical infrastructure sector
  • Exposure to Operational Technology (OT) environments
  • Professional certifications (e.g., CISSP, CISM, CRISC, CISA, CDMP)
  • Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, MetricStream)

HSE Responsibilities

  • Stop work by challenging and stopping unsafe acts and behaviours or unsafe conditions.
  • Comply with Standard Operating Procedures defined in Responsibilities above, and company STOP WORK system.
  • Ensure that cybersecurity considerations support safe and reliable operational environments, particularly within OT systems

Competencies

  • Risk & Compliance Expertise: Strong understanding of regulatory and governance frameworks
  • Analytical Thinking: Ability to assess and mitigate complex risks
  • Stakeholder Engagement: Ability to influence across technical and business teams
  • Communication: Clear communication of technical and regulatory requirements
  • Autonomy: Operates independently with accountability for outcomes
  • Continuous Improvement: Proactively adapts to changing regulatory and threat landscapes

Any Other Information

  • This is a senior individual contributor role with no direct reports
  • The role operates across multiple jurisdictions with varying regulatory requirements