Risk & Controls Analyst

SSE Enterprise
Glasgow
2 months ago
Applications closed

Related Jobs

View all jobs

IT Risk & Contols Analyst

IS Analyst ( Risk)

IS Analyst ( Risk)

Information Security Analyst ( Hybrid / Southampton )

Identity Security Analyst

Cyber Security Analyst

Risk & Controls Analyst
  • 551049
  • Closing at: Jan 22 2025 at 23:55 GMT

SSE has big ambitions to be a leading energy company in a low carbon world. Following our commitment to invest £20.5 billion in low carbon projects to 2027, we have significant growth plans and are well on our way to achieving our ambition to build a world that's more sustainable and inclusive for you, your family, the community you live in and for generations to come.

Join us on our journey to net zero and help us power change.

About the Role

Base Location:Glasgow, Perth, Reading or Havant.

Salary:£33,500 - £50,300 + performance-related bonus + a range of benefits to support your finances, wellbeing and family.

Working Pattern:Permanent | Full Time | options available

What is the role?

Are you passionate about safeguarding IT systems, mitigating risks and developing controls? We are seeking a detail oriented Risk & Controls Analyst to play a vital role in identifying, assessing, and managing IT operational risk & controls. Working within the Group Technology Services (GTS) Risk & Compliance team, you will assess potential vulnerabilities, develop robust mitigation strategies, and ensure accurate reporting to senior stakeholders. Additionally, you'll champion a strong risk-aware culture by educating colleagues on best practices, all while leveraging the Group Enterprise Risk Management Framework to protect our systems and data from evolving threats.

Key Responsibilities include:

- Risk Analysis: Assisting GTS stakeholders with IT operational risk assessments to identify potential vulnerabilities and threats to our IT systems and infrastructure. This involves analysing the impact and likelihood of risks and evaluating the effectiveness of existing controls using the Group Enterprise Risk Management Framework.

- Risk Mitigation: Working with the GTS Risk & Compliance Lead, Risk Manager, Compliance & Controls Manager and Risk Raisers and Owners to develop and suggest mitigation plans and strategies based on the analysed risk, to minimise their likelihood and impact. This may involve developing policies, procedures, and controls to address specific risks, such as data breaches, system failures, or cyber-attacks.

- Risk & Controls Reporting: Providing the GTS Risk & Compliance Lead, Risk Manager and Controls & Compliance Manager with up-to-date, accurate and reliable information on risk and their profile to feed in to monthly and quarterly reporting to senior management and stakeholders.

- Training and Awareness: Promote a Risk Culture to educate colleagues and stakeholders on IT risks and best practices. This includes promoting a culture of security awareness and ensuring that employees understand their role in protecting our IT systems and data.

What do I need?

Some important behaviours for a Risk & Controls Analyst include being detail-oriented, proactive, ethical, and having a strong sense of integrity. You should be able to prioritise tasks and work well under pressure. While pre-requisite knowledge of risk & controls management would be desirable, it is not essential. Having the following would help you succeed in this role:

- A solid background in information technology and an understanding of various IT systems, infrastructure, and technologies and how these interact with each other to effectively assess IT-related risks. Familiarity with cybersecurity, data protection, and IT governance frameworks would be beneficial such as ITIL, COBIT, ISO, NIS and NIST.

- Analytical and Problem-Solving Skills: You need to be an analytical thinker who can assess complex situations, identify root causes, and propose effective solutions. Strong problem-solving skills are necessary to analyse IT risks in a proactive and systematic manner.

- Communication and Collaboration: Effective communication skills are vital; you will be interacting with stakeholders at all levels of the organisation. You must be able to articulate complex IT risks and their impacts in a clear and concise manner. Collaboration skills are also important for working with cross-functional teams, such as IT, legal, compliance, security and senior leadership.

- Adaptability and Continuous Learning: The IT landscape is constantly evolving, and new risks and technologies emerge regularly. A Risk Analyst should be adaptable to change and willing to continuously update their knowledge and skills. Staying informed about emerging threats, industry best practices, and regulatory changes is essential to effectively analyse and manage IT risks.

About our Business

SSE IT underpins the technology needs of all the different businesses that make up the SSE group. From emerging technologies to data and analytics to cyber security - we power SSE's growth and enable it to generate value, while keeping it secure. As a trusted business partner that helps SSE lead in a low carbon world, we are proud of our service. Working for SSE IT is all about equipping SSE for now and the future.

What's in it for you?

We offer an excellent package with 34 days annual leave entitlement. Enhanced maternity/paternity leave, discounted healthcare, salary sacrifice car leasing and much more, view our full benefits package

As an equal opportunity employer we encourage diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all protected characteristics and commit to providing any reasonable adjustments you need during the application, assessment and upon joining SSE. Search for '' to find out more.

Further actions

All applications should be made online, and I'll be back in touch after the vacancy closing date to let you know the outcome.

If you would like to discuss any working flexibly requirements or adjustments you may require throughout the recruitment and selection process, please contact David on / .

Before commencing your role with SSE, you'll need to complete our pre-employment screening process. This will consist of a criminality and credit check.

#LI-DB1

#LI-Hybrid


Our Benefits

  • Sharesave Scheme
  • 34 days of annual leave
  • Option to purchase up to 10 days holiday
  • Interest-free technology loans
  • 24/7 free and confidential employee counselling service
  • Private healthcare discounts
  • Subsidised gym memberships
  • 21 weeks full pay maternity leave
  • Cycle to Work scheme with generous £2500 limit
  • Interest-free salary advance to cover transport season tickets

 

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Tips for Staying Inspired: How Cyber Security Pros Fuel Creativity and Innovation

Cyber security professionals face a rapidly changing digital landscape, where new threats emerge almost daily and the stakes—protecting critical data, safeguarding personal privacy, and defending entire infrastructures—could not be higher. It’s easy to be consumed by vulnerability scans, incident response workflows, and endless compliance checks. Yet, thriving in this high-pressure environment demands more than just technical know-how. It also requires creativity and innovation, which enable you to stay one step ahead of potential attackers. So how do cyber security experts remain inspired and agile, even when the challenges can feel relentless? Below, we’ll explore ten actionable strategies to help security analysts, threat hunters, penetration testers, and security engineers maintain fresh perspectives and keep innovating. If you’re looking to sharpen your problem-solving skills and rediscover the spark that drew you to cyber security in the first place, these tips can guide you toward a more fulfilling and impactful career.

Top 10 Cyber Security Career Myths Debunked: Key Facts for Aspiring Professionals

In a hyper-connected world, cyber security is no longer an afterthought—it’s a core component of modern business, government, and everyday life. From stopping ransomware attacks to safeguarding personal data, cyber security professionals shoulder a vital responsibility: keeping digital systems, networks, and data safe. Unsurprisingly, the demand for skilled cyber security talent continues to surge, offering robust and often lucrative career paths. Yet, despite the industry’s prominence, myths and misconceptions about cyber security careers abound. Is it really just about hacking? Do you need to be a superhuman coder with years of experience? Or is cyber security just a niche field, reserved for tech giants? At CyberSecurityJobs.tech, we see firsthand how these myths deter capable individuals from entering or advancing in one of the most dynamic fields in tech. This article aims to bust the top 10 cyber security career myths—providing clear, evidence-based insights into what it really takes to thrive in this ever-evolving domain. Whether you’re a recent graduate exploring the field, a mid-career professional seeking a pivot, or simply curious about the prospects, read on to discover the true breadth and promise of cyber security careers.

Global vs. Local: Comparing the UK Cyber Security Job Market to International Landscapes

Understanding opportunities, salaries, and work culture in cyber security across the UK, the US, Europe, and Asia Cyber security has rapidly ascended from a back-office concern to a strategic priority for every industry. As data breaches, ransomware, and nation-state attacks increase in frequency and sophistication, organisations worldwide are racing to fortify their digital defences. This ongoing surge in cyber threats fuels an unprecedented demand for skilled security professionals—ranging from penetration testers and threat intelligence analysts to cloud security architects and CISOs. In this article, we’ll explore how the UK cyber security job market compares to major international hubs in the United States, Europe, and Asia. We’ll discuss job opportunities, salary bands, work culture, and provide guidance for those who might be contemplating remote or overseas positions. By understanding the nuances of each region’s cyber security ecosystem, you can make a more informed decision about where and how to advance your career in this high-impact, fast-evolving sector. Whether you’re a seasoned expert with years of experience or a career-changer eager to break into cyber security, this overview will help you navigate the global landscape. By the end, you’ll have a clearer perspective on each region’s advantages and challenges—along with practical insights for seizing the best opportunities in a field that has become mission-critical for every modern organisation.