GRC Engineer

OVO

£76,038

OVO, Blythswood New Town, Glasgow City

  • Full time
  • Permanent
  • Remote working

Posted 4 weeks ago, 22 Aug

Closing date: Closing date not specified

Job ref: 1714c501163342d1b9537fe8c0a096f2

Full Job Description

  • OVO teams are comfortable taking accountability and ownership for security, as well as instilling best-in-class security practices (e.g. automated verifiable application and cloud security and DevOps-forward ways of working)

  • High trust relationships with engineering teams, their security leads and domain leads to ensure information security policy touches every part of our technology platform and product ecosystem

  • Collaboration with data / financial / privacy and other governance personnel to ensure policies are accurately encoded and faithfully executed and to provide simple and useful dashboarding / reporting systems

  • Recognition from a team of bright, passionate analysts and engineers that you have a clear focus on ensuring OVO has an outstanding capability to identify and reduce downside risk thereby improving OVO's chances of success


  • Systems: Experience building integrations, workflows, actionable insights and operating models based on the following technologies and platforms would be advantageous (we are not expecting candidates to have experience in all these platforms):
  • GRC platforms (Hyperproof)

  • Third Party Risk and Contract Management (Prevalent)

  • Cloud Native Application Protection and Cloud Security Posture Management (Wiz)

  • GCP, AWS and Azure native security and compliance monitoring

  • SaaS discovery, event monitoring and security posture management

  • Identity and Access Management and Privileged Access Management platforms

  • Application Security Verification Standard and related technologies

  • Zero Trust Network Access Solutions

  • Security Information and Event Management and Security Orchestration and Automated Response (Google SecOps)

  • Endpoint, Cloud and Identity Detection and Response

  • Issue and Project Tracking (Jira)

  • Cyber Asset and Attack Surface Management

  • Infrastructure Vulnerability Scanning


  • You'll be a successful Security GRC Engineer at OVO if you…
  • A creator: You're a hands-on Senior Engineer who takes a user-centered design approach to build and administer automated security verification workflows; you lead by example, leveraging APIs and policy agents to pull and/or aggregate data from various sources, combining sources to enrich and inform GRC.

  • A challenger: you embrace failure and do not shy away from difficult conversations in order to drive business and cyber risk strategy and security architecture alignment. You are a champion for clarity about boundaries of responsibility for security work.

  • A coach: you inspire your team and provide examples, practical support and approaches to integrate with the business to educate, advise and influence activities with cyber risk implications. You help innovate and instigate change to manage risk.

    At OVO, we understand that a one size fits all approach doesn't work for everyone. That's why we created the OVO Way of Flexibility.


  • All our roles are hub based (Bristol, Glasgow or London), providing a dedicated space for collaboration, connection and teamwork. You'll also have the flexibility to work from home.

    Everyone belongs at OVO

    At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.

    Teamworking for the planet

    Everything we do here spins around Plan Zero. So, naturally, the team you'll be joining plays a gigantic role in making that happen. Here's how:

    We're hiring creators, challengers and coaches. Every role puts people at the heart of our information security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with well-informed risk and reward decisions!

    This role in a nutshell:

    You'll build and operate information security policy as code services aimed at ensuring information security control coverage and effectiveness are accurately evidenced and as automated as possible. The services will take a risk-based ISO27001 compliant approach, ensuring governance processes stay out of the way of low risk activities and providing simple and intuitive navigation for high-risk activities.

    This is a hands-on engineering role where you and your team will ensure that information security governance and policy-as-code propagate throughout our entire OVO ecosystem. You'll build tools and dashboards for control owners and OVO leadership to aid policy authoring and testing as well as monitoring and reporting activities.

    Your key outcomes will be

    We'll pay you between £52,800 - £76,038, depending on your specific skills and experience. If your expectations are a little different, have a chat with us!

    We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission.

    You'll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal.

    We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO…and there's flex pay. It's an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits.

    Here's a taster of what's on offer:

    For starters, you'll get 34 days of holiday (including bank holidays).

    For your health
    With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more
    For your wellbeing
    With gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and more
    For your lifestyle
    With extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donations

    For your home
    Get up to £300 off any OVO Energy plan (when you pay by Direct Debit), plus personal carbon offsetting and great discounts on smart thermostats and EV chargers
    For your commute
    Nab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loans

    Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.

    For your Belonging

    To find better ways to support our people, we need to listen to each other's experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.