Security Governance Risk and Assurance Manager

About the DCC:

At the DCC, we believe in making Britain more connected, so we can all lead smarter, greener lives. That desire to make a difference is what drives us every day and it wouldn’t be possible without our people. Each person at the DCC brings a special kind of power to the business, and if you join us, we’ll give you the means to unleash yours. Here, we depend on each other and hold each other accountable. You have the power to challenge and make change, to take the initiative and enjoy real responsibility. Whether it’s doing purposeful work, helping us grow or building the career you want – we’ll give you the support to do it all. Our secure network for smart meters is transforming Britain’s energy system and helping the country’s fight against climate change: we want you to be part of our journey.

The role:

The Information Security Assurance Manager is a hands-on, multi-disciplinary role combining project assurance, governance, risk management, and compliance. You will work across business units, projects, and suppliers to ensure security is embedded in everything we do—from design to delivery. You will also support the development and maintenance of our Information Security Management System (ISMS), lead internal audits, and provide expert guidance on risk mitigation and regulatory compliance.

Key Responsibilities:

Security Assurance & Project Engagement

Provide end-to-end security assurance across the Licence Renewal programme
Attend programme meetings to represent Information Security and provide expert guidance.
Review technical documentation (e.g., designs, network diagrams, data flows) to ensure alignment with security policies and architecture.
Conduct Information Security Impact Assessments and Data Protection Impact Assessments.
Support penetration testing and vulnerability assessments, tracking remediation to closure or handover to BAU.
Translate technical risks into business language for stakeholders.
Maintain alignment with ISO27001 and other frameworks (e.g., NIST).
Advise on compliance for staff, suppliers, and services.
Support procurement activities with security assessments and contract reviews.

Skills & Experience - Essential

Strong experience in Information Security across complex environments (e.g., outsourced, telecoms, energy).
Solid grasp of risk management methodologies (ISO27005, ISO31000).
Excellent communication skills—able to engage with technical and non-technical stakeholders.
Ability to work independently and collaboratively in a fast-paced environment.

Skills & Experience - Desirable

Recognised certifications: CISSP, CISM, CISA, CEH.
ISO27001 Lead Auditor / Implementer certification.
Knowledge of NIST Cybersecurity Framework and PKI.
Understanding of large public sector programmes.
Eligible for HMG SC clearance.

Personal Attributes

Analytical and detail-oriented with a proactive mindset.
Strong stakeholder engagement and influencing skills.
Able to prioritise effectively and remain calm under pressure.
Committed to continuous improvement and professional development.

Company benefits:

The DCC’s continued success depends on our people. It’s important to us that you enjoy coming to work, and feel healthy, happy and rewarded. In this role, you’ll have access to a range of benefits which you can choose from to create a personalized plan unique to your lifestyle.

If there are any questions you’d like to ask before applying, please contact [recruiter name, email address] or complete your application, so we can learn more about you. Your application will be carefully considered, and you’ll hear from us regarding its progress.

Join the DCC and discover the power of you