Technology Risk Analyst

  • Job Reference: R0057600
  • Date Posted: 23 April 2024
  • Employer: Centrica
  • Location: Windsor, Berkshire
  • Salary: On Application
  • Bonus/Benefits: Bonus, pension and benefits
  • Sector: Information Technology (IT)
  • Job Type: Permanent
  • Work Hours: Full Time

Job Description

We are Centrica! We're so much more than an energy company. We're a family of brands revolutionising a cleaner, greener future. Working here is #MoreThanACareer - we're powered by purpose. Together we can make an impact that will truly change tomorrow. Whether you're developing cutting-edge green tech, helping customers on the front line or simplifying operations behind the scenes.

Your work here isn't just a job - it's a mission. We all play a vital role in energising a greener, fairer future.

An opportunity to play your part

We have an exciting opportunity for a Technology Risk Analyst in BG Services Business to help us to roll out an IT General Controls framework as we move towards an established control environment.

The team operates as the first line of defence and is currently managing the implementation of an IT General Controls Framework. You will facilitate interactions between the Digital Technology Services team, BG Services and the BG operational controls team

You will work collaboratively to ensure that the IT General Controls framework is introduced with consideration to our current risks and threats to create an established control environment to proactively manage our risk landscape.

We have tailored our well-being & benefits package around our employees as follows:

  • Competitive salary and bonus potential

  • Employee Energy Allowance at 15% of the government price cap

  • Pension scheme

  • Company Funded Healthcare Plan

  • 25 days holiday allowance, plus public holidays, and the option to buy up to 5 additional days

  • Excellent range of flexible benefits, including technology vouchers, electric car lease scheme & travel insurance

Location: You can work in Windsor/home; we have people working all over the UK but also a range of office locations.


  • Assist in implementing the Technology risk and Controls framework and ensures timely assessment and treatment of security risks

  • Ensure Technology risks are either treated or accepted in accordance with the risk appetite

  • Works with the IT teams to identify and assess Technology risks including Cyber and InfoSec risks

  • Ensure periodic Technology risk assessments of key services, third parties and regulatory commitments are performed, and remediation plans are monitored

  • Ensure services are assessed and classified based on their Confidentiality, Integrity, and Availability

  • Work with the IT/OT teams to understand their key Technology risks and agree the actions to mitigate or monitored and improve their controls

  • Produce the quarterly IT Risk submission for the business units and working with Group level risk functions on Technology risk

  • Inform senior leadership of risks and recommendations in non-technical terms, considering cost/benefit, to ensure security of Information Systems

  • Support Legal and Compliance teams e.g. Data Protection and Privacy, as regards to Technology risks

  • Understand the external security environment and emerging trends to support Technology risk management

What we need from you

  • Strong knowledge of Technology risk and Control assessment methods/ Technology Audit

  • Strong knowledge of Information Security technologies, such as identity and access management, encryption, and multi-factor authentication

  • Understanding of power utilities, retail energy, and oil & gas industry trends and emerging threats would be useful but not essential

  • Ability to draw upon external network to understand emerging Cyber Security threats and events

  • Knowledge of internal and/or external regulatory policies, standards, procedures, and controls (e.g., COBIT, COSO, NIST, ISO27xx)

  • Ability to drive technical consensus and facilitate agreements with challenging stakeholders

  • Ability to understand business visions and strategy

  • Strong communication (oral and written) and conflict management skills

Education/ Certification: CISA, CRISC or other similar qualification (desirable)

Our commitment to diversity

We are proud to be recognised as a disability-confident employer. Our customers come from a variety of different backgrounds, and so do we. We hire great people from all walks of life, not just because it's the right thing to do, but because it makes our company stronger. We will continue championing inclusivity while investing in our local communities to create a better, more sustainable world for everyone. We are incredibly proud to have been recognised by The Times for being one of the Top 50 Employers for Women.

Our people are the beating heart of our business. We are incredibly proud of our commitment to being FlexFirst. From childcare to furry friends, we listened to our people and understood that they work best when they are comfortable and have a flexible working model that suits their individual needs.