Security Risk Specialist

As our Security Risk Specialist, you will design, develop and operate an effective and efficient Security Risk Management system serving all YTL Utilities UK and Wessex Water businesses and operations, integrated with the Risk Management systems of those companies.

What you'll do

You are responsible for developing and running a Security Risk Management system to identify, triage and manage security risk across all group companies and operations.   

The desired outcome is that YTL Utilities UK and Wessex Water companies are exemplars of risk-informed security management.    

As the Security Risk Specialist, you will be responsible for: 

• Devising and implementing a strategy for Security Risk Management across our OT, IT and Digital estates, meeting multiple standards for compliance (including NIS-R, ISO 27001 and SEMD) and incorporating cyber, physical and personnel security risks.
• Developing and implementing a Risk Management framework/model and guiding the selection of appropriate GRC tools.
• Planning and delivering a regular Security Risk Management Group (SRMG) function.
• Developing a framework, processes and tooling, and leading the management of Third-Party Security Risk arising from suppliers and partners.
• Developing and reporting against security metrics and KPIs, providing written and verbal briefs to senior leaders, Working Groups and the board.
• Actively developing the Security Risk Management knowledge and skills of Information Security colleagues and other YTL / WWSL colleagues when appropriate.
• Regularly seeking to refine the measurement, assessment and management of risk: includes improved deterministic risk assessment techniques and adoption of probabilistic assessment approaches (such as Monte Carlo modelling techniques).

What you'll need

• Significant experience in Security Risk Management in Government organisations, National Infrastructure and/or Critical National Infrastructure organisations or similar enterprises.
• Experience implementing Risk Management in large organisations.
• Experience in evaluating and managing third-party security risk.
• Experience of working to achieve and maintain compliance with the requirements of regulatory bodies.
• Strategic thinking, with the ability to deliver pragmatic solutions that address resource constraints, regulatory pressures and competing priorities.
• Ability to work independently and act as the primary subject-matter expert on security risk management within WWSL and YTL Group.
• A thorough understanding of risk management requirements within ISO 27001 and NIS-R is essential, with a good working knowledge of other security standards and frameworks such as NIST, JSP 440 and Cyber Essentials.  Working knowledge of ISO 31000 & ISO 27005 is an advantage.
• Current on the latest technology and security concepts, trends and issues.
• A highly effective written and verbal communicator at all levels, able to communicate our risks and WWSL's security risk management vision with passion and clarity to any audience.
• Adept at translating complex technical or security concepts into clear and jargon-free explanations and business language.
• Strong experience in mentorship and cross-training of colleagues.
• Knowledge of, and ability to work within, the constraints and day-to-day challenges faced by security teams. As such, security leadership experience in a similarly sized organisation is desirable.

What you'll receive

• A combined pension contribution of up to 20%.
• Career progression and professional development opportunities.
• 25 days' holiday rising to 28 with length of service.
• The opportunity to sell up to five days of holiday every year.
• The opportunity to buy up to ten days of holiday each year (subject to conditions).
• A healthcare package that allows you to claim back healthcare costs.
• Life assurance of up to eight times your salary.
• The opportunity to lease a new electric car through salary sacrifice (subject to conditions).
• Cashback and discounts from more than 3,000 retailers.
• One paid volunteering day each year.
• Enhanced family leave and pay arrangements.
• Access to an interactive health and wellbeing platform.
• Support from trained mental health first aiders.
• A £1,000 referral fee if you recommend someone who is successfully recruited by us.

Who we are

YTL UK is part of the international YTL Group based in Kuala Lumpur. The UK companies include:

• Wessex Water – one of the top-performing water and sewerage companies in England and Wales, serving 2.9 million people across the South West
• YTL Developments – a major UK developer currently redeveloping a 350-acre former airfield into an award-winning, exciting mix of houses, apartments, schools, commercial space, restaurants and hotels, to make a truly sustainable new community
• YTL Construction UK – a top 20 UK contractor providing fully integrated services to infrastructure, residential, commercial, industry, energy and environmental sectors
• YTL Arena – the development and operation of an entertainment complex that includes a 20,000 capacity arena, conferencing and exhibition space
• plus a number of other retail, environmental and specialist businesses.

Our people tell us that YTL UK is a great place to work, which is why so many of them stay with us! You will have a unique opportunity to develop and progress your career within such a diverse group.

We are passionate about diversity and inclusion – with that in mind, all applicants are welcome. We are delighted to have signed the Armed Forces Covenant and are a Disability Confident Employer.

If you require reasonable adjustments to be made during the recruitment process, please inform a member of our Recruitment team.