Apply now »

Title:  Vendor Security Manager - NESO

Location: 

Wokingham, GB, RG41 5BN

Division:  NESO Security
Job Type: 
Requisition Number:  62084
Department:  Business Services
Job Function:  Business Change and Project Management
Description: 

About the Role

National Energy System Operator (NESO) is on a journey towards a sustainable and secure energy future. Together we build on this momentum, advancing the Electricity System Operator’s (ESO) plan for zero carbon operability of the electricity system by 2025.


As we grow the security team here at NESO, we are now looking for Vendor Security Manager. In this role, you will join a rapidly expanding & high-functioning Security team and will be expected to build and lead a comprehensive vendor security function. You will collaborate closely with our internal teams and our supply chain to conduct risk assessments, identify and mitigate potential vendor security risks, review the required contracts and controls for vendors, and provide regular monitoring, assurance, and reporting. You will stay informed about current security threats and industry standards to continuously improve vendor risk management strategies. 


You will develop and maintain strong relationships, engaging teams across the organisation and in our supply chain to promote and embed a proactive culture to the management of supply chain security.


This role can be based from Wokingham, Warwick or Glasgow, and we continue to offer hybrid working from office and home.

Key Accountabilities

  • Oversight and management of regulatory and policy-driven requirements and processes in place to govern vendor security risks.
  • Facilitate vendor security risk assessments to understand the risk and control environment that underpins the product/service provided.
  • Support the Legal and Procurement teams to incorporate tailored security controls and requirements into vendor contracts.
  • Development and execution of the end-to-end vendor security assurance framework to identify and manage vendor security risk, mitigating potential disruption to the business.
  • Development of vendor security requirements and remediation plans based on informed consideration of the type of vendor, product/services provided, and risks posed to critical assets.
  • Incorporate supply chain responsibilities into incident management and response, BCP and crisis management processes where relevant.
  • Identify and develop opportunities to automate vendor security management and reporting processes.
  • Manage internal and external resources to successfully deliver vendor security outcomes. 
  • Develop metrics and reporting for vendor security risk to senior management and provide input into relevant business communications / awareness activities.
  • Maintain and develop knowledge of the sector, legislative changes, and threats to the supply chain.
  • Build and maintain strong working relationships with key internal and external stakeholders, supporting business risk owners to mitigate supply chain security risk at all stages of the supply chain lifecycle. 
  • Identify continuous improvement opportunities to increase the level of maturity of the vendor security management function.

About You

We’re forging the path, and we know we can’t do it alone. That’s why we need visionary minds like yours to join us on this transformative journey. In this case, we’re looking for someone who: 

  • A proven information security professional with a risk, compliance, and assurance background, with experience of implementing/assuring: ISO27001 / NIST, COBIT etc.
  • Extensive understanding and experience of supply chain risk and assurance practices. 
  • Proven experience of owning and maturing the vendor security management capability within an organisation, preferably in a critical national infrastructure organisation.
  • Ability to translate complex cyber security guidance and information into practical processes and documentation and able to articulate, present and discuss the impact of technical and non-technical risks in the context of the organisation. 
  • Demonstrable stakeholder management expertise, fostering positive behaviours and leading to successful engagement in risk and assurance activities.
  • Thorough understanding of supply chain risks posed to Critical National Infrastructure through cyber and physical environments.
  • Degree-level qualification or equivalent combination of education and experience with strong background in Risk/Compliance/Assurance.
  • Professional security qualifications/certifications in appropriate areas are desirable. 
  • An inclusive approach that creates belonging, builds trust, and promotes innovation.

What You'll Get

A competitive salary between £65,000 – 75,000 – dependent on experience and capability.


As well as your base salary, you will receive a bonus of up to 15% of your salary for stretch performance, 28 days annual leave as standard, and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. 


You will also have access to a comprehensive benefits package tailored to support your well-being and professional success. From a competitive salary to flexible work arrangements, we promote your work-life balance. Enjoy fit for purpose wellbeing and lifestyle offerings, ongoing skill development aligned to our Purpose and Values, and be part of a supportive community that values your individuality and where you can belong.

About Us

Traditionally, Britain’s energy system has been split into two areas – gas and electricity – but to ensure that Britain’s energy system is secure and affordable there needs to be co-ordination across the whole energy system, with one single entity responsible for translating policy into immediate strategy. National Energy System Operator (NESO) will bring unparalleled change.


Forge a path to a sustainable future for everyone.
Your energy, our future, together.


About the National Energy System Operator (NESO)
In Autumn of 2024, the ESO transitioned to National Energy System Operator, or NESO for short. Previously denoted as the Future System Operator (or FSO), the new National Energy System Operator is the independent body responsible for planning Great Britain’s electricity and gas networks and operating the electricity system.  


The ESO, including all of its existing roles, are now at the heart of the new National Energy System Operator. As NESO, we will build on our existing roles, capabilities, and ways of working significantly to create an organisation the energy system and its users’ need. Our new capabilities will enable us to look across vectors, including electricity, natural gas and hydrogen, and crucially consider the trade-offs between them. 


The organisation is set up as a public corporation with its own Board of independent directors, with complete operational independence from government, the regulator and any and all commercial interest. As was the ESO, NESO will be licenced and regulated by Ofgem through price control agreements and obligated to identify optimal solutions to system operations and planning in the most sustainable, affordable and secure way for all. 


The time to deliver is now. As part of our team, you won’t just be touching the lives of almost everyone in Great Britain – you’ll be shaping the way we use and consume energy for generations to come.

More Information

We work towards the highest standards in everything we do, including how we support, value and develop our people. Our aim is to encourage and support employees to thrive and be the best they can be. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds, and offer flexible and tailored support, at home and in the office. 


We're committed to building a workforce that represents the communities we serve, and a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential.

#LI-BO1

#LI-HYBRID

Apply now »