Controls Engineer

The Controls Engineer will manage the continuous security control environment for real-time evidence of security compliance.

While our offices are based in Windsor we would be very happy to talk about flexible working arrangements.

Role accountabilities:

• Document and maintain the security controls framework ensuring clear linkage to security risks, maintain control effectiveness evidence

• Conduct analysis of risks and regulatory requirement to identify control gaps

• Implement automated controls – develop solutions to test and measure effectiveness of information security controls

• Interface into other Centrica systems to collect data and provide input into MI systems

• Ongoing management of the automated controls, identifying false positives, tuning, etc.

• Produce reporting and MI that demonstrates coverage of security controls and their effectiveness

• Manage the technical implementation and configuration of toolsets

• Develop Dashboards for reporting of control effectiveness

• Produce communication material and reporting suitable for senior leaders

• Utilise the Information Security Risk Management process to report control failures.

Competencies, Experience and Qualifications:

• Experience in implementing automated controls

• API programming experience

• Technical knowledge of analytical and reporting tools

• Technical experience of programing skills, data lake and data analysis techniques

• Technical knowledge of key information security technologies, such as identity and access management, encryption, and multi-factor authentication

• Knowledge of internal and/or external regulatory policies, standards, procedures and controls (e.g., CPNI, NIST, ISO27xxx, PCI, SmartMeter)

• Extensive knowledge of IT control frameworks such as COBIT, ISO, ITIL

• Understanding of financial services regulations and controls, PRA/FCA, would be an advantage

• A good understanding of Security frameworks e.g. PCI, ISO27001, NIST, SANS.