DPO and Security GRC (Governance, Risk and Compliance) Lead

Role OVO-View

Team: Risk, Regulation & Compliance

Salary banding: £77,470 - £100,260

Experience: Experienced

**Working pattern:**Full-Time

Reporting to: Mary Starks - VP Regulation, Policy and Risk

Sponsorship: Unfortunately we are unable to offer sponsorship for this role.

This role in 3 words: Privacy, Security, Trust

Top 3 qualities for this role: Analytical, Diligent, Ethical

Where you’ll work: At OVO, we understand that a one size fits all approach doesn’t work for everyone. That’s why we created the OVO Way of Flexibility. All our roles are hub based (Bristol, Glasgow or London), providing a dedicated space for collaboration, connection and teamwork. You’ll also have the flexibility to work from home.

In the words of the team, you should leave your current role for this one because….

“You'll lead the creation of a data risk and control team supervising the processes and technologies that power OVO’s business. You'll support OVO teams to build and operate risk identification and management mechanisms across solution lifecycles, increase risk observability and empower data and system owners. The team you lead will drive the reduction of downside privacy and security risks to OVO’s goals.”

Everyone belongs at OVO

At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.

Teamworking for the planet

Everything we do here spins around Plan Zero. So, naturally, the team you’ll be joining plays a gigantic role in making that happen. Here’s how:

If you’re a strong risk leader we’d love to hear from you! Every role we’re hiring puts people at the heart of our strategy and uses technology and operational processes to strengthen our resilient and performing business. The Path to Zero is paved with well-informed risk and reward decisions!

This role in a nutshell:

You'll manage a second line of defense privacy and security team aimed at ensuring privacy and security governance processes are both faithfully implemented and as automated as possible. Your team will take a regulatory compliant risk-based approach, avoiding unnecessary processes for low risk activities and providing simple and intuitive navigation for high-risk activities.

Your key outcomes will be:

• Act as OVO’s Data Protection Officer in accordance with the UK GDPR
• Develop and maintain OVO's privacy and security policies in line with statutory and regulatory obligations including the Retail and Smart Energy Codes
• Support and coordinate management focus on the privacy and security risk in individual business areas
• Drive a positive and effective culture within the team
• With the support of leadership team, build and maintain the security and privacy risk-based approach and the risk assessment of OVO's products and services.
• Establish and maintain appropriate risk-based monitoring processes proportionate to OVO's scale, nature, and complexity
• Document OVO's risk-based strategies and the basis for risk assessment and monitoring
• Ensure immediate investigations of all regulatory compliance impacting reports are received and lead submissions of a disclosure notification to the relevant proficient authority for incidents
• Make sure everyone at OVO knows about their personal responsibilities, the OVO policy and how we handle risks here
• Advocate and drive continuous professional development and team training
• Regularly review the efficiency of privacy and security compliance policies and procedures to prevent data protection and security incidents
• Lead on the creation of annual reports for OVO's Board and Senior Management on OVO's compliance with its obligations
• Develop and improve internal policies, procedures, systems and controls whilst staying on top of regulatory changes, enforcements or advisory notices.
• Be the face of OVO and represent us to all external agencies, e.g. regulators or law enforcement agencies, and in any other third-party enquiries related to security and privacy incident prevention, investigation or compliance
• Swiftly respond to any reasonable requests for information from authorities and/or law enforcement agencies

You’ll be a successful DPO and Security GRC (Governance, Risk and Compliance) Lead at OVO if you…

• Maintain a reputation for transparency and integrity: you'll make decisions based on good morals, have an eye for detail and committed to working with integrity and trust
• Are curious rather than judgemental: you showcase an appetite for maintaining data protection and security skills and expertise. While a good understanding of existing and proposed changes to legal and regulatory frameworks is important, you’ll also discover and share lessons on the implementation of policies, controls, and procedures
• Are a leader and extraordinary teammate: recognising that privacy and security are team sports requiring everyone to get on board and commitment is needed from all; you and your team should be able to work well and connect with technical and non-technical colleagues equally effectively.

Let’s talk about what’s in it for you

We’ll pay you between £77,470 - £100,260, depending on your specific skills and experience. If your expectations are a little different, have a chat with us!

We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission.

You’ll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal.

We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO…and there’s flex pay. It’s an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits.

Here’s a taster of what’s on offer:

For starters, you’ll get 34 days of holiday (including bank holidays).

For your healthWith benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more
For your wellbeingWith gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and more For your lifestyle With extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donations

For your home Get up to £300 off any OVO Energy plan, plus personal carbon offsetting and great discounts on smart thermostats and EV chargers
For your commute Nab a great deal on ultra-low emission car leasing**,** plus our cycle to work scheme and public transport season ticket loans

Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.

For your Belonging

To find better ways to support our people, we need to listen to each other’s experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.

Oh, and one last thing...

We’d be thrilled if you tick off all our boxes, yet we also believe it’s just as important we tick off all of yours. And if you think you have most of what we’re looking for but not every single thing, go ahead and hit apply. We’d still love to hear from you! If you have any additional requirements, there’s a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible..

 ###### DEPARTMENT

Risk, Regulation & Compliance

LOCATION

Any of our offices