IT Risk & Compliance Manager

Do you want to make an impact within a growing, ambitious IT department? Do you have experience in implementing and maintaining information security risk assessment, risk management, risk treatment policies?

If so, this is the opportunity for you!

Opus Energy, part of the Drax group, is a leading independent supplier of gas and electricity to businesses across the UK. With over 315,000 customers and circa 900 employees spread across modern offices in Oxford, Northampton and Cardiff, we’re a dynamic and innovative organisation. Due to continued growth in our IT department we are looking to recruit an IT Risk and Compliance Manager to join our team in Northampton.

In this role you will work closely with Business Change to ensure that projects have structured risk governance making sure risks are controlled, managed and risk treatment implemented in a consistent and auditable manner, in accordance with company policy. The post holder will be responsible for ensuring IT project teams have appropriate risk management and risk treatment controls embedded within their delivery schedule.

You will provide direction in respect of risk assessment, risk management, good practice compliance, governance and risk treatment and document and rollout IT risk management policy for compliance and governance across  IT, projects and support audits, technical design authority and change advisory boards . You'll provide strong central oversight to deliver consistency and quality in risk management compliance work across the IT function, Drax group and wider business including the supply chain.

You will lead the quarterly risk meetings with key stakeholders, communicating all IT related business risk and mitigation and be responsible for driving the delivery of mandatory risk management requirements to support compliance with the Smart Energy Code (SEC) as well as being responsible for representing Opus Energy during regulatory compliance audits and providing compliance evidence requirements to regulatory audit and inspection teams. Importantly you'll perform information security risk assessments in compliance with ISO 27005.

You will need  a professional certification in risk management (eg IRM, ISACA, etc) or equivalent academic qualification and experience of delivering regulatory risk management compliance activities (ISO27005, SEC, or similar regulatory requirements).

If this sounds of interest and you want to join a rapidly expanding IT department during an exciting period, we look forward to hearing from you.