IT Policy, Risk & Compliance Manager

---

Job description

Our IT function is using the latest Technology to deliver business benefit to Drax more quickly, improve user experience and drive operational efficiencies.

We're now looking to recruit an IT Policy, Risk and Compliance Manager to join our IT Strategy & Governance team.

About the Role

• Leading on the group-wide design, implementation, and ongoing maintenance of a IT control framework for Drax IT. You'll develop a Group-wide framework of key technology controls, IT governance policies and processes through coordination with technology teams and external advisors, ensuring it is appropriate and comprehensive in alignment with our IT strategy and roadmap.

• Providing direction on Group IT Control Framework, Policies and Standards, ensuring they support compliance to relevant regulation/requirements.

• Taking responsibility for quarterly IT and Security key controls reporting and validation activities with IT and Security stakeholders for reporting to Audit Committee.

• Leading in designing and agreeing a system of 2nd line assurance on IT controls with key stakeholders, considering how testing will be performed, the evidence required, frequency, risk focus etc.

• Establishing a systematic and disciplined approach across IT functions to manage IT Risk Management through quarterly leadership and monthly risks management meetings. You' will be leading Information Risk deep dive reporting for reporting to IT Board, ExCom, and Board.

• Liaising with key stakeholders (IT Leadership and reports, Security, KPMG, Deloitte) on various governance, risk, and audit related matters.

• Accountability for IT controls submissions and Principal risk reporting to Audit Committee and Board on a half yearly and yearly basis in collaboration with IT and Security Director.

• Providing strong central oversight to deliver consistency and quality in audit and compliance work (KPMG Internal Audit and Deloitte External Audit) across the function / wider business. You'll be primary point of contact for IT participation in internal and external audits.

• Following up on Internal audit actions and monthly reporting to ExCom and quarterly reporting updates to KPMG/Internal Audit.

• Taking responsibility for the annual update of IT and IS Key Controls Group Assurance Map.

About You

You'll have a strong experience working in IT internal controls, internal audit, external and/ or risk related roles within technology. This will include experience working in assessment of policies and standards, risk scoring, assessment of the design and operating effectiveness of mitigating controls and recommending improvements to control design. You'll bring knowledge of UK regulatory and compliance environments (i.e., PCI, SOX) and ability to apply it appropriately.

Strong technical and process knowledge within IT is required including security, system development and project management processes. You'll bring knowledge of key technology frameworks CRISC, COBIT, ITIL, ISO27001 is ideal, as well as a professional qualification such as CISA, CISM and/ or ITIL.

The role requires you to have the ability to communicate clearly and with impact in high pressure situations including the ability to challenge and influence the view of senior stakeholders respectfully, confidently, and effectively to bring a new perspective.

About Drax

Drax is playing a vital role in helping change the way energy is generated, supplied and used. To learn more about how we're enabling a zero carbon, lower cost energy future, click here.

We're at our best when we're proactive, committed, and reliable - and trust others to be the same. This role offers hybrid working, allowing you to split your time between the office and working from home.

You'll also have the option for flexible hours, so you can make your hours work for you.

Application Process

To arrange a chat or get a copy of the job description, please email .

If you're ready to submit an application, click the 'Apply now' button.

We're at our best when we share inspiration and insight right across Drax, and search for new ideas and ways of working. We welcome applications from everyone and hire great people to build talented and diverse teams.