Rodeo
ResourcesPartnersSign in

National Energy System Operator

Head of Governance Risk and Compliance

Warwick
£85k – £100k/yr
Posted about 21 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

About the Role

The Head of Governance, Risk & Compliance is a senior leadership role within NESO's Security function, reporting directly to the Chief Information Security Officer (CISO). This role is responsible for developing, implementing and continually enhancing NESO's security governance framework, threat-led cyber risk management framework and assurance strategy across one of the UK's most critical national infrastructure organisations.

This is a strategic role that requires close working with Executive stakeholders, the CIO leadership team, Enterprise Risk Management, Internal Audit, regulators and industry partners to ensure cyber and physical security risks are effectively understood, governed and managed in line with NESO's risk appetite and regulatory obligations.

The successful candidate will play a pivotal role in embedding a proactive risk culture, strengthening regulatory confidence, and ensuring security is integrated into NESO's digital, operational and business transformation agenda.

This role is designated as requiring a National Security Vetting (NSV) clearance. The level of clearance associated with this role (SC) will usually need you to have been a resident in the UK for the last five years to apply. We would invite any applicants who do not currently meet this residency requirement to still express an interest in the role.

This role can be based from Wokingham or Warwick and we continue to offer hybrid working from office and home.

Key Accountabilities

Governance & Strategy

  • Lead the development and continual evolution of NESO's Security Governance Framework, ensuring alignment with organisational strategy, risk appetite and regulatory obligations.
  • Develop and maintain security policies, standards, control frameworks and governance processes across cyber, technology and operational environments.
  • Act as a strategic advisor to the CISO on governance, risk and assurance matters.

Threat-Led Risk Management

  • Develop and operate NESO's enterprise cyber risk management framework, aligned to NIS Regulations, and external standards such as CAF, ISO 27001, and enterprise risk management processes.
  • Drive a threat-informed approach to risk identification, assessment, prioritisation and treatment.
  • Establish clear risk ownership and accountability across the organisation.
  • Lead development of Board and Executive Committee cyber risk reporting.
  • Provide independent challenge and assurance to major technology and business programmes.

Compliance & Assurance

  • Develop and implement a comprehensive cyber assurance strategy covering technology, operational environments, third parties and critical suppliers.
  • Lead NESO's compliance activities relating to NIS Regulations, CAF, ISO27001 and other applicable regulatory obligations.
  • Manage relationships with regulators, auditors and external assurance providers.
  • Establish metrics and reporting that provide meaningful insight into control effectiveness and organisational resilience.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Secure by Design & Transformation

  • Ensure governance, risk and assurance activities support NESO's digital, data, AI and technology transformation agenda.
  • Embed secure-by-design and risk-based decision-making into technology delivery, cloud adoption and DevSecOps practices.
  • Provide strategic oversight and challenge to major change programmes.
  • Provide governance, risk and assurance oversight for emerging technologies, including Artificial Intelligence (AI), ensuring their adoption aligns with NESO’s risk appetite, regulatory obligations and security requirements

Leadership & Culture

  • Lead and develop a high-performing Governance, Risk & Compliance function.
  • Foster a proactive security culture that promotes accountability, transparency and continuous improvement.
  • Build strong relationships across operational, technology and business teams to drive shared ownership of risk.

About You

We are seeking a strategic security leader with the ability to operate at both executive and technical levels. You will combine strong governance and risk leadership capabilities with sufficient technical credibility to challenge technology decisions, understand emerging threats and influence security outcomes across complex environments.

Essential

  • Significant experience leading Cyber Security Governance, Risk and Compliance functions within critical national infrastructure, highly regulated or complex operational environments.
  • Demonstrable experience designing and implementing enterprise security governance and threat-led risk management frameworks.
  • Proven track record leading NIS Regulations and CAF compliance programmes.
  • Experience providing cyber risk reporting and strategic advice to Boards, Executive Committees and regulators.
  • Experience operating within digital transformation, cloud, data, AI and DevSecOps environments.
  • Experience leading assurance activities across technology and third-party ecosystems.
  • Strong understanding of modern cyber threats, threat intelligence and risk management methodologies.
  • Experience building and leading high-performing teams.

Desirable

  • Energy sector experience.
  • Experience working closely with NCSC, Ofgem or other regulatory bodies.
  • CISSP, CISM, CRISC, ISO27001 Lead Implementer/Auditor or equivalent.
  • Experience of developing governance, risk management and assurance approaches for emerging technologies, including Artificial Intelligence (AI), Generative AI and advanced analytics, with an understanding of associated security, ethical and regulatory considerations.

What You'll Get

  • A competitive salary of £85,000 - £100,000 dependent on experience and capability
  • As well as your base salary, you will receive a benefits allowance, a bonus of up to 20% of your salary for stretch performance, private medical insurance, 28 days annual leave as standard and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%.
  • NESO's flexible benefits programme provides you with more flexibility around your health, lifestyle and protection benefits, here's just a few available:
    • Flexible Bank Holidays & Holiday Trading
    • Additional Birthday Day Off
    • Cycle to Work Scheme, Retail & Gym Discounts
    • Private Medical Insurance, Critical Illness Insurance & Personal Accident Insurance

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

About Us

At the National Energy System Operator (NESO), we play a vital role in tackling climate change and securing Great Britain's energy future. We already operate the world's fastest decarbonising electricity system and are working towards our ambition to run it carbon-free for a short period this year - provided the market supplies electricity exclusively from renewable sources.

Alongside this, we provide expert advice to government on how to deliver a clean power system by 2030. In autumn 2024, the Electricity System Operator (ESO) transitioned to become NESO - an independent, expert public corporation with a whole-system view across electricity, gas, and hydrogen.

NESO operates independently and transparently, always acting in the best interests of all energy users. Licensed and regulated by Ofgem, we make impartial decisions that balance sustainability, affordability and security.

Our organisation is fully independent from government, the regulator and all commercial interests, with a clear focus on system-wide benefit, long term thing and public value.

The time to deliver is now. Join the energy transformation and help shape the future.

Your energy. Our future. Together

National Energy System Operator (NESO) recognises the potential of bright and talented individuals, and we encourage you to join us as Great Britain’s energy system undergoes an ambitious, exciting, and vital transformation.

Together with industry, we are creating a cleaner, more sustainable energy future.

More Information

This role closes at 23:59, on the day before date shown above, however we encourage candidates to submit their application as early as possible and not wait until the published closing date as this can vary.

Research shows that some people may hesitate to apply unless they meet every single requirement. At NESO, we believe potential comes in many forms and we're committed to a fair, inclusive recruitment process where everyone has the opportunity to show their talents.

We're committed to building a workforce that represents the communities we serve, and a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential. If this role sparks your interest but you're not sure you tick every box, we still want to hear from you.

We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Security Governance
Cyber Risk Management
Compliance Assurance
NIS Regulations
CAF Framework
ISO 27001
Threat-Led Risk Identification
Stakeholder Management
Secure by Design
DevSecOps
AI Governance
Cloud Security
Third-Party Risk Management
Strategic Leadership
Regulatory Reporting
Critical National Infrastructure

Location

Warwick, England, United Kingdom

Sign up to applySee more jobs like this