- Salary
- To be discussed
- Contract Type
- Permanent
- Contract Type
- Full Time
- Location
- Currently work from home - transitioning to Chorley office
Role Summary
ESG is a market leading provider of innovative technology and services to the utilities and energy industry. We are creating a more competitive utilities sector, improving our customer’s lives through better service and greater choice and guiding our clients through complex industry change. Our mission is to empower global energy leaders to deliver their future promise of energy. Our automated software as a service, expert services and data insight enable competitive leaders to attract customers, provide the best service, innovate constantly and unlock new technology benefits for customers both in the UK and overseas. To date, ESG has enabled a significant number of new entrant energy suppliers to enter the industry and we manage several million customers on behalf of suppliers and metering companies.
This role plays a large part in our global Information Security team and will provide an excellent opportunity to liaise with key external and internal stakeholders while strengthening our Information Security function.
You will work closely with both the Deputy CISO and our Chief Technology Officer (CTO) and their direct reports within ESG.
You will also find yourself working together with other ESG Information Security staff and liaising regularly with senior management at ESG. This is an opportunity to join and progress with a forward-thinking department.
Role Responsibilities
- Direct and deliver global Information Security Compliance activities, including both business-as-usual processes and improvement initiatives as planned on an annual basis
- Develop, implement, maintain, and oversee processes aimed at ensuring compliance with ESG security policies and procedures.
- Direct and provide support to regularly scheduled audits on ESG internal IT systems and supporting third-party or customer audits as required to maintain certifications, attestations, and other Information Security compliance-related status attributes for ESG.
- Conduct internal audits against conformity with the ISO 27001 and ISO 9001 standards
- Ensure provision of Information Security support for annual compliance audits, attestations, and certification programs as applicable to ESG IT infrastructure and systems, including: GDPR, ISO2700, ISO9001 and other applicable regional frameworks.
- Manage ISO 9001 and 27001 audits on behalf of the business, act as the point of contact for all ISO audit certification related enquiries.
- Direct the Corrective and Preventive Actions (CAPA) coordination process to ensure both regulatory issues and compliance-related information security issues identified are resolved and closed in a timely manner delivering a sustainable solution.
- Engage with and direct activities of third-party specialist service providers where necessary to support Information Security Compliance related activities
- Report regularly to the Deputy CISO and the CISO on the status of all Compliance-related activities including compliance processes metrics, issues, and remediation actions.
About You
- Working to tight deadlines.
- Analytical thinking and attention to detail.
- Good communication skills, both written and verbal.
- Must be able to work independently and as part of a team communicating with all levels of staff.
Qualifications, attributes & experience
- 3 – 5 years of managing compliance with a focus on ISO27001 and ISO9001.
Other
- ISO Responsibilities
- ISO Staff Awareness
- Follow IMS Policies
- Reporting of Incidents