SGN
Head of Cyber Governance, Risk and Compliance

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Senior Governance, Risk & Compliance Roles: Strategic Cyber Security & Regulatory Lead
Location: Hybrid | London Contract: Personal Contract, Full-time REF: REQ5121
About the Role
As a strategic leader in Governance, Risk and Compliance, you'll shape SGN’s cyber security and regulatory approach, ensuring our security framework remains robust, resilient, and fully compliant. Your role is critical in safeguarding our operations—where access to energy keeps homes and businesses warm and functioning.
Every team member at SGN helps deliver safety, warmth, and comfort. Here’s how you’ll contribute:
Key Responsibilities
Governance, Risk & Compliance (GRC) Leadership
- Lead and manage the GRC team, aligning cyber strategy with wider business objectives
- Oversee delivery plans, resource allocation, and stakeholder engagement for GRC initiatives
- Drive compliance excellence across frameworks, including NIS-R, ISO 27001/2, and NIST-2
Training & Awareness
- Develop and maintain SGN’s information security training materials for staff
- Incorporate lessons learned from incidents and adapt training content based on feedback
Information Security Policy & ISMS
- Maintain a comprehensive portfolio of security policies, standards, and procedures, ensuring alignment with ISO27001, NIST, and NIS eCAF
- Conduct regular reviews and approval workflows for key stakeholders
- Manage SGN’s Information Security Management System (ISMS) and policy exceptions for exceptions
Compliance & Assurance
- Monitor and report on compliance across SGN and third-party partners
- Lead ISO 27001, NIST, and NIS assurance reviews to support internal/external audits
- Own NIS submissions to OFGEM and engage in regulatory consultations/audits
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Risk Management
- Oversee cyber, operational technology (OT), and Gas Control risk assessments/reporting
- Establish and enforce risk management processes with reporting to the Chief Information Security Officer (CISO)
Advisory & Stakeholder Engagement
- Provide expert advice on security risks, controls, and strategy
- Maintain liaisons with external regulators and industry forums
Performance & Reporting
- Monitor security performance indicators and provide timely updates to internal/external stakeholders
- Manage bi-monthly phishing tests and mitigation actions
Regulatory & Funding Support
- Ensure compliance with legal and regulatory changes, assessing business impact
- Support funding documentation for RIIO-2 & RIIO-3 programmes
- Track and report on audit actions and outcomes
Qualifications & Requirements
Essential
- Degree level educated in a relevant discipline
- Professional certification from: CISM, CISSP, CISA, TOGAF, or CRISC
- Five years’ cyber security experience, with expertise in:
- Compliance Management
- Information Security Risk
- Internal/External Audits
Core Competencies
- Hands-on experience with regulatory engagement (OT security environment)
- Deep knowledge of NIS Regulations and their granular implementation (e.g., **NCSC Cyber Assessment Framework)
- Practical proficiency in global security frameworks including:
- NIST Cybersecurity Framework
- ISO 27000 series (e.g., 27001, 27005)
- IEC 62443 (Industrial cybersecurity)
- Exceptional written and verbal communication to articulate complex technical concepts to non-technical stakeholders
- Strong relationship-building and stakeholder management


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Security Clearance
- Criminal record/legal clearance (reflective of the regulated energy sector)
Note on Inclusivity
We recognise research findings: sometimes candidates—especially women and underrepresented groups—may hesitate to apply unless they meet every criterion today. At SGN, we believe potential matters over rigid qualifications. If this role excites you, apply now regardless of “perfect fit.” You may be what we need—or what we’ll develop with your growing expertise.
Why Choose SGN?
This is more than a job—it’s a purpose-driven role at the heart of a legacy company accelerating net-zero energy. Our groundbreaking projects combine technical innovation with safety-first principles, all while delivering measurable impact on society’s energy supply.
Additional Benefits
- Competitive pension scheme | Enhanced maternity/paternity pay
- Life assurance | HolidayPlus time
- Cycle-to-Work scheme and more tailored wellness options
- OFGEM regulation shadow-board for pulse for regulatory updates
About Us
- Organic growth through R&D
- B Corp Certified leadership model
- Diversity & Inclusion page | Full benefits outline
Accessibility Note For application support or accommodations (e.g., disablement, neurodivergency), contact [email/HR team]. We’re committed to inclusive accessibility.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location