ISO27001 Programme Delivery Lead - 18 Month FTC
Team: Information Security Office
Experience: Expert
Working pattern: Full Time / FTC - 18 months
Reporting to: Raymond Fenton - Head of Information Security Office
Sponsorship: Unfortunately, we are unable to offer sponsorship for this role.
This role in 3 words: To lead, develop and innovate
Top 3 qualities for this role: Collaborative, Problem-Solving and Delivery focused
Where you’ll work: At OVO, we understand that a one-size-fits-all approach doesn’t work for everyone. That’s why we created the OVO Way of Flexibility. All our roles are hub-based (Bristol, Glasgow or London), providing a dedicated space for collaboration, connection, and teamwork. You’ll also have the flexibility to work from home. This approach enables our team to collaborate, connect, and innovate both online and in physical spaces.
This role in a nutshell:
As the ISO 27001 Implementation Project Manager within the Information Security Office, you will lead the end-to-end execution of our ISO 27001 certification project. You will collaborate with cross-functional teams to drive the implementation and continuous improvement of our existing Information Security Management System (ISMS), ensuring full compliance with ISO 27001 standards. Your role includes project planning and overseeing the implementation of security controls to safeguard critical assets, and the coordination of assessments to achieve certification. Strong project management skills, knowledge of information security, and experience implementing ISO 27001 in a software engineering organisation are essential.
Your key outcomes will be:
* Project-manage OVO's ISO 27001:2022 programme, and facilitate the assessment and certification of OVO’s Information Security Management System upgrade.
* Organise and lead a 'Centre of Excellence' for ISO 27001 leaders across business and technology departments.
* Identify opportunities for continuous improvement and share best practices.
* Manage relationships with third-party auditors and achieve ISMS audit efficiencies through common data collection, pulling from APIs, and scaling common control practices.
* Lead the reporting, dashboards, and analysis of programme status and effectiveness.
* Lead delivery of initiatives to develop and configure tools to support cybersecurity governance, risk, and compliance management including ISO toolkits and job aids to enhance performance and productivity.
* Report to senior leadership on non-conformities, action plans, and remediation progress.
* Foster an environment that encourages innovation and continuous improvement in risk and compliance.
* Support OVO’s privacy and security GRC team on their initiatives and in their interactions on information security risk and control matters.
You’ll be a successful ISO27001 Programme Delivery Lead at OVO if you have…
* Proven experience in project management of ISO27001 implementation.
* Working knowledge of risk frameworks and industry best practices (e.g., ISO 27001, NIST CSF, SOC 2, Cedar policy language).
* Ability to work cross-functionally within a complex organisation and communicate with senior leadership.
* Experience with verifying policy as code and implementing repeatable and automatable processes to meet GRC requirements.
* Strong ethics, integrity, and advocacy for diversity, equity, and inclusion.
* Adaptability to shifting priorities and problem-solving capabilities.
* Proven people, portfolio, programme, and project management skills.
Let’s talk about what’s in it for you
We’ll pay you between £71,240.00 and £102,584 depending on your specific skills and experience. You’ll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal. We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO.
For your Belonging
To find better ways to support our people, we need to listen to each other’s experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.
Oh, and one last thing...
We’d be thrilled if you tick off all our boxes, yet we also believe it’s just as important we tick off all of yours. And if you think you have most of what we’re looking for but not every single thing, go ahead and hit apply. We’d still love to hear from you!