GRC Engineer
Role OVO-View
Team: Attack Surface Management (Cyber Defence)
Salary banding: £52,800 - £76,038
Experience: Experienced
Working pattern:Full-Time
Reporting to: Mollie Chard - Head of Cyber Defence
Sponsorship: Unfortunately we are unable to offer sponsorship for this role.
This role in 3 words: This role in 3 words: Creator, Problem-solver, Collaborative
Top 3 qualities for this role: Collaborative, Integrity and Problem-Solving Oriented
Where you’ll work:
At OVO, we understand that a one size fits all approach doesn’t work for everyone. That’s why we created the OVO Way of Flexibility.
All our roles are hub based (Bristol, Glasgow or London), providing a dedicated space for collaboration, connection and teamwork. You’ll also have the flexibility to work from home.
Everyone belongs at OVO
At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.
Teamworking for the planet
Everything we do here spins around Plan Zero. So, naturally, the team you’ll be joining plays a gigantic role in making that happen. Here’s how:
We’re hiring creators, challengers and coaches. Every role puts people at the heart of our information security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with well-informed risk and reward decisions!
This role in a nutshell:
You'll build and operate information security policy as code services aimed at ensuring information security control coverage and effectiveness are accurately evidenced and as automated as possible. The services will take a risk-based ISO27001 compliant approach, ensuring governance processes stay out of the way of low risk activities and providing simple and intuitive navigation for high-risk activities.
This is a hands-on engineering role where you and your team will ensure that information security governance and policy-as-code propagate throughout our entire OVO ecosystem. You'll build tools and dashboards for control owners and OVO leadership to aid policy authoring and testing as well as monitoring and reporting activities.
Your key outcomes will be:
- OVO teams are comfortable taking accountability and ownership for security, as well as instilling best-in-class security practices (e.g. automated verifiable application and cloud security and DevOps-forward ways of working)
- High trust relationships with engineering teams, their security leads and domain leads to ensure information security policy touches every part of our technology platform and product ecosystem
- Collaboration with data / financial / privacy and other governance personnel to ensure policies are accurately encoded and faithfully executed and to provide simple and useful dashboarding / reporting systems
- Recognition from a team of bright, passionate analysts and engineers that you have a clear focus on ensuring OVO has an outstanding capability to identify and reduce downside risk thereby improving OVO’s chances of success
Systems: Experience building integrations, workflows, actionable insights and operating models based on the following technologies and platforms would be advantageous (we are not expecting candidates to have experience in all these platforms):
- GRC platforms (Hyperproof)
- Third Party Risk and Contract Management (Prevalent)
- Cloud Native Application Protection and Cloud Security Posture Management (Wiz)
- GCP, AWS and Azure native security and compliance monitoring
- SaaS discovery, event monitoring and security posture management
- Identity and Access Management and Privileged Access Management platforms
- Application Security Verification Standard and related technologies
- Zero Trust Network Access Solutions
- Security Information and Event Management and Security Orchestration and Automated Response (Google SecOps)
- Endpoint, Cloud and Identity Detection and Response
- Issue and Project Tracking (Jira)
- Cyber Asset and Attack Surface Management
- Infrastructure Vulnerability Scanning
You’ll be a successful Security GRC Engineer at OVO if you…
- A creator: You're a hands-on Senior Engineer who takes a user-centered design approach to build and administer automated security verification workflows; you lead by example, leveraging APIs and policy agents to pull and/or aggregate data from various sources, combining sources to enrich and inform GRC.
- A challenger: you embrace failure and do not shy away from difficult conversations in order to drive business and cyber risk strategy and security architecture alignment. You are a champion for clarity about boundaries of responsibility for security work.
- A coach: you inspire your team and provide examples, practical support and approaches to integrate with the business to educate, advise and influence activities with cyber risk implications. You help innovate and instigate change to manage risk.
Let’s talk about what’s in it for you
We’ll pay you between £52,800 - £76,038, depending on your specific skills and experience. If your expectations are a little different, have a chat with us!
We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission.
You’ll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal.
We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO…and there’s flex pay. It’s an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits. Here’s a taster of what’s on offer:
For starters, you’ll get 34 days of holiday (including bank holidays). For your healthWith benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and moreFor your wellbeingWith gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and more For your lifestyle With extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donationsFor your home Get up to £300 off any OVO Energy plan (when you pay by Direct Debit), plus personal carbon offsetting and great discounts on smart thermostats and EV chargersFor your commute Nab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loans Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.
For your Belonging
To find better ways to support our people, we need to listen to each other’s experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.
Oh, and one last thing...
We’d be thrilled if you tick off all our boxes yet we also believe it’s just as important we tick off all of yours. And if you think you have most of what we’re looking for but not every single thing, go ahead and hit apply. We’d still love to hear from you! If you have any additional requirements, there’s a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible..