Information Security & Data Governance Lead (UK)
Aberdeen City, Scotland
Posted 5 days ago
About the role
Principal Accountabilities
- Information Security
- Develop, implement, and maintain information and cyber security policies, standards, and procedures
- Ensure alignment with recognized frameworks (ISO 27001, NIST CSF, CIS Controls)
- Conduct risk assessments across IT, cloud, and Operational Technology (OT) environments
- Support incident response planning and continuous improvement of security controls
- Embed secure-by-design principles into infrastructure and operational systems
- Data Governance
- Establish and maintain an enterprise data governance framework
- Define and enforce data classification, handling, retention, and protection standards
- Ensure compliance with international data protection regulations including GDPR, UK Data Protection Act, and applicable US privacy laws
- Promote data ownership, stewardship, and accountability across business units
- Support data quality, integrity, and lifecycle management
- Compliance & Regulatory Oversight
- Ensure compliance with applicable cybersecurity, data governance, and energy sector regulations
- Lead and support internal and external audit activities, including evidence collection and remediation tracking
- Maintain enterprise risk registers and compliance reporting
- Continuously monitor global cyber and data regulatory changes
- Assess impact of regulatory developments and update internal policies, standards, and procedures accordingly
- Ensure compliance is maintained across all regions of operation
- Cybersecurity Awareness & Training
- Design and deliver enterprise cybersecurity awareness programmes
- Conduct phishing simulations and risk-based awareness campaigns
- Tailor training for corporate and operational (OT) environments
- Measure effectiveness and drive continuous improvement in user behaviour
- Governance & Advisory
- Act as subject matter expert and advisor on security, governance, and compliance matters
- Administer and support third-party/vendor risk management programme
- Provide reporting and insights to leadership on security posture, regulatory changes, and risk exposure
- Contribute to the continuous improvement of governance, risk, and compliance (GRC) capability
- Member of change management board and contributor to change management process
Qualifications and Experience
- Required
- Significant experience in information security, cybersecurity GRC, or IT governance roles
- Proven experience implementing data governance frameworks
- Strong understanding of international data protection and cybersecurity regulations
- Experience working within regulated environments
- Familiarity with ISO 27001, NIST, or equivalent frameworks
- Experience supporting audit and compliance processes
- Desired
- Experience in the energy, utilities, or critical infrastructure sector
- Exposure to Operational Technology (OT) environments
- Professional certifications (CISSP, CISM, CRISC, CISA, CDMP)
- Experience with GRC tools (ServiceNow GRC, RSA Archer, MetricStream)
HSE Responsibilities
- Stop work by challenging and stopping unsafe acts and behaviours or unsafe conditions.
- Comply with Standard Operating Procedures defined in Responsibilities above, and company STOP WORK system.
- Ensure that cybersecurity considerations support safe and reliable operational environments, particularly within OT systems
Competencies
- Risk & Compliance Expertise: Strong understanding of regulatory and governance frameworks
- Analytical Thinking: Ability to assess and mitigate complex risks
- Stakeholder Engagement: Ability to influence across technical and business teams
- Communication: Clear communication of technical and regulatory requirements
- Autonomy: Operates independently with accountability for outcomes
- Continuous Improvement: Proactively adapts to changing regulatory and threat landscapes
Any Other Information
- This is a senior individual contributor role with no direct reports
- The role operates across multiple jurisdictions with varying regulatory requirements
About this listing
Screened by Joboru
This role passed our automated spam and quality filters and was active in our feed when last checked. Joboru is an aggregator — here is how we screen listings. If anything looks off, tell us.
Similar jobs you may like
IT Technician IT Technician
1 day agoNational Museums Scotland
IT Technicians
1 day agoNational Museums Scotland
Senior IT Technician
1 day agoHarris Federation Head Office
Full Stack Developer
1 day agoSpectrum It Recruitment Limited
Business Development Executive
1 day agoMTrec Recruitment
Technical Delivery Manager - Windows 365 Deployment
1 day agoECS
Senior Solutions Architect, AWS Startups
1 day agoAmazon
Sr. Applied AI Solutions Architect, Amazon Connect
1 day agoAmazon
Embedded Linux Engineer
1 day agoHarvey Nash