Security testing Lead

Our client Scottish Power are currently recruiting for a Security Testing Lead to join their team based in Glasgow on a contract basis initially (12 months), with the chance of extension. Ideally for this role they are looking for someone with project management experience, understanding of Pen Testing, skills and experience in understanding at a technical level security operations.

For more information on this role see below:

Cyber Security Testing Lead
ScottishPower HQ, Glasgow
Flexible & Hybrid working pattern

Help us create a better future, quicker
SP Energy Networks (SPEN) has kicked off an ambitious security transformation programme to transparently reduce risk, achieve compliance with NIS regulations and deliver a cyber resilient business, the Cyber Security Testing Lead will be essential in achieving our goals.

As a Cyber Security Testing Lead, you will play a crucial role in ensuring the security and resilience of our organization’s critical systems. Your primary responsibility will be to manage and supervise third-party penetration testing efforts. You’ll collaborate closely with internal teams, external vendors, and stakeholders to assess and enhance our security posture.

The postholder will work within a security operations team containing various cyber security functions such as security operations, threat intelligence, identity & access management, response & recovery and vulnerability management.
What you’ll be doing
Penetration Testing Oversight:
• Coordinate and Manage: Oversee third-party penetration testing engagements, ensuring they align with organizational goals and requirements.
• Scope Definition: Collaborate with stakeholders to define the scope of penetration tests, including target systems, applications, and networks.
• Risk Assessment: Evaluate test results, identify vulnerabilities, and assess their impact on the organization’s security.
• Remediation Guidance: Provide actionable recommendations to address identified vulnerabilities.
Security Process Development:
• Policy and Procedures: Develop and implement security policies, processes, and procedures related to penetration testing.
• Incident Response: Document known security breaches and vulnerabilities, ensuring timely resolution.
Collaboration and Communication:
• Cross-Functional Teams: Work closely with cybersecurity engineers, IT teams, and other relevant departments.
• Feedback Loop: Provide feedback to improve existing systems and proposed security measures.
• Reporting: Prepare and present reports on penetration testing results to senior management.
Cyber Representative System / Lab Creation:
• Team Collaboration: Be part of a team responsible for creating and maintaining a cyber representative system or lab.
• Design and Implementation: Contribute to the design, setup, and ongoing management of the lab environment.
• Testing and Validation: Use the lab for testing security controls, scenarios, and simulations.
What you’ll bring

• Prior experience in managing penetration testing efforts or working directly with penetration testers.
• Skills and experience in understanding at a technical level security operations.
• Awareness of key legislation and regulation impacting IT/OT General Control requirements in an energy utility.
• Strong communication skills to collaborate effectively with internal and external stakeholders.
• Analytical mindset to assess risks and prioritize remediation efforts.
• Knowledge of security best practices and industry standards.