Security and Risk Specialist

We need everyone's positive energy and innovative thinking to lead the transition to new energy. That's why we welcome applications from all backgrounds and experiences and offer flexible working options to suit everyone!

We're looking for a Security and Risk Specialist to join our Digital Technology function on a permanent basis. This role can be based at Nottingham, Kingswinford or Solihull and offers a hybrid working model, allowing you to play a critical role in securing our technology landscape as the energy industry continues to transform.

Here's what you'll be doing

As a subject matter expert, you’ll take ownership of IT risk and security controls across E.ON UK, ensuring our technology, suppliers, and systems meet the highest standards of security, compliance, and resilience. Working in a complex multi-supplier environment, you’ll assess and manage IT risks end-to-end, ensuring appropriate mitigation plans are in place and executed effectively. You’ll act as a trusted advisor across the business, providing leadership, guidance, and challenge at all levels – including acting on behalf of the CTO when required.

Key Responsibilities

  • Lead the management of IT security risks and controls across E.ON UK, including supplier compliance, audits, certifications, and accreditations.
  • Define, implement, and maintain robust security controls across a complex multi-supplier technology environment.
  • Assess, document, and treat security risks, ensuring appropriate mitigation plans are developed and delivered.
  • Act as a security and risk champion across Digital Technology, providing guidance, coaching, and support to teams and suppliers.
  • Chair and represent E.ON in supplier security working groups and the wider E.ON security community, including engagement with CERT.
  • Set standards for security documentation, reviewing supplier outputs and ensuring alignment with best practice.
  • Scope, commission, and interpret penetration testing activities, translating findings into business-focused risk and remediation plans.
  • Effectively manage security vulnerabilities by working with suppliers to identify, evaluate and remediate them.
  • Work closely with Information Security, Internal Controls, Audit Services, and senior stakeholders to ensure continuity and consistency of controls.
  • Coach and support junior team members, contributing to capability and knowledge development across the function.

What we need from you

Essential

• At least 5 years’ experience in IT security and architecture.

• Strong experience working with cloud computing technologies.

• Knowledge and practical experience of ISO 27001 and ISO 27002, including operating within an ISMS.

• Proven track record of delivering security improvement initiatives and security awareness programmes.

• Experience applying industry best practice frameworks such as NCSC, NIST, OWASP, SAMM, or SABSA.

• Ability to provide security consultancy across multiple projects, advising on risk, treatment options, and controls.

• Demonstrable experience conducting information security risk assessments, threat modelling and guiding others on effective risk management.

• Experience scoping and managing penetration testing for internal and third-party solutions.

• Excellent written and verbal communication skills, with the ability to translate technical risk into business language.

Desirable

• Experience working in a multi-site, multi-vendor environment.

• Knowledge of vulnerability management tools such as Qualys or Wiz.

• Professional security qualifications (e.g. CISSP, ISSAP, CISM, CRISC).

• Experience providing third-party security assurance during supplier selection and contract management.

• Experience implementing or auditing ISO 27001, ideally as a lead auditor or implementer.

Here’s what you need to know

  • Award-Winning Workplace - We’re proud to be named a Sunday Times Best Place to Work 2025 and the Best Place to Work for 16–34-year-olds.
  • Outstanding Benefits - Enjoy 26 days of annual leave plus bank holidays, a generous pension, life cover, bonus opportunities, and access to 20 flexible benefits with tax/NI savings.
  • Flexible & Family-Friendly - Our industry-leading hybrid and family-friendly policies earned us double recognition at the Personnel Today Awards 2024. We’re open to discussing how flexibility can work for you.
  • Inclusive & Diverse - We’re the only energy company in the Inclusive Top 50 UK Employers. We’re also proud winners of Best Employer for Women and Human Company of the Year—recognising our inclusive, people-first culture.
  • Support at Every Stage of Life - We’re Fertility Friendly and Menopause Friendly accredited, with inclusive support for everyone.
  • Accessible & Supportive - Do you consider yourself as having a disability? As a Disability Confident Employer, we guarantee interviews for disabled applicants who meet the minimum criteria for the role and will make any adjustments needed during the process.
  • Invested in Your Growth - From inclusive talent networks to top-tier development programmes, we’ll support your growth every step of the way.

Job Details

Company
E.ON
Location
Nottingham, Nottinghamshire, England, United Kingdom
Hybrid / Remote Options
Employment Type
Full-Time
Salary
£65,279 - £82,382 per annum
Posted