The climate crisis means that now, more than ever, we need to act. Here at Piclo, we believe we are not powerless against climate change and are focused on enabling the transition to a decarbonised future. Our team is on a mission to make our energy systems smart, flexible and sustainable.
Who we are looking for
We are looking for a Cybersecurity Lead - you’ll be a key figure in safeguarding our company’s and customers’ information and infrastructure against potential cyber threats. This role is crucial for maintaining the security of our assets and contributing significantly to our overall security posture.
Our ideal candidate meets many - but not necessarily all - of the below criteria:
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials.
- Solid understanding of different security frameworks, such as ISO 27001, NIST, Cyber Essentials, and CIS Controls.
- Minimum of 8 years' experience in cybersecurity, with proven experience in risk mitigation, incident management, and security policy development.
- Experience in international cybersecurity management and familiarity with IT legislation in different regions, such as APAC, North America, and Europe.
- You are an incredibly motivated and organised person. You enjoy the process of prioritising work and setting timelines while collaborating with cross-functional teams.
- You’re resourceful, resilient, and flexible, and will help clear the path for everyone to do their best work.
- You are an excellent communicator who can build relationships with teammates from different disciplines, making sure that everyone is clear about what’s required of them.
- You are confident and adept at communicating and collaborating with external clients.
- You’re fluent in English, even if it’s not your first language.
- Strong analytical and problem-solving skills with the ability to think strategically.
- Experience with security technologies such as SIEM, IDS/IPS, firewalls, and endpoint protection.
- Excellent communication skills, with the ability to explain complex cybersecurity concepts to non-technical stakeholders.
- Experience working in the energy sector or with SaaS products is beneficial.
- Experience managing projects or leading process change in an organisation.
- Experience in scale-up environments.
- You are motivated by Piclo’s mission to make our energy system smart, flexible and clean.
- You are naturally empathic and are always mindful of the humans who use and benefit from your work.
About the role
The Cybersecurity Lead is tasked with defining and driving the overall cybersecurity strategy for the company. You will lead initiatives to develop and enforce security policies, proactively detect and manage cyber threats and incidents, and spearhead compliance and training programs to uphold the highest standards of security across the organisation. This role sits within the Security Operations team and is responsible for providing leadership and strategic direction to protect our organisation and its products. Responsibilities will include the following:
Cybersecurity Strategy and Policy
- Develop and implement a comprehensive cybersecurity strategy that aligns with the company’s business goals and risk profile.
- Provide leadership and direction to the Security Operations team, ensuring that a robust and engaged culture of cybersecurity awareness is in place across the organisation.
- Collaborate with executives and stakeholders to align security priorities with organisational objectives and effectively allocate resources.
- Establish strong, trust-based relationships throughout the organisation.
Threat Detection and Incident Management
- Perform advanced threat and vulnerability assessments on our IT systems and infrastructure, directing efforts to strengthen security posture.
- Lead and coordinate the technical and strategic response to security incidents, including detection, mitigation, and post-incident analysis.
- Oversee third-party penetration testing engagements and guide the integration of security practices into our development and operational environments.
- Build strong relationships with partner organisations to actively manage and share threat intelligence.
Compliance and Training
- Develop, document, and effectively communicate security policies, standards, and procedures, ensuring alignment with organisational information security standards and compliance requirements.
- Develop a pipeline of compliance standards, guidelines, and best practices, with an aim to prioritise and lead on their implementation across the organisation.
- Stay abreast of international and industry-specific regulations (such as GDPR) and ensure that the company’s security posture is in compliance.
- Develop and lead security training and awareness programs to promote a strong security culture across the organisation.
What we can offer
- £80-90k, with the ability to participate in the success of the company through its share option scheme
- 25 days holiday (plus Bank Holidays)
- 35 hour week - with flexible working hours (within core business hours)
- Hybrid working - we aim to have team days in our London office monthly.
- Life assurance, income protection and private healthcare with Vitality (medical history disregarded)
- A monthly expense budget for the extra kit or tools you might need to get your job done to the best of your abilities at home
- Annual allowance to spend on professional development
- Regular off-sites, where the whole company gets together
- A super welcoming, supportive, collaborative and transparent culture where the priority is to help shape your role to find the best balance between what we need as a business and your career progression plans.
Who we are
Piclo’s mission is to decarbonise the grid. We develop software solutions that make our energy networks smarter, more flexible and more sustainable. Our flagship product, Piclo Flex, is the leading independent marketplace for energy flexibility services, enabling system operators (such as National Grid ESO, UKPN and a growing number internationally) to source energy flexibility from flexible service providers (e.g. electric vehicles) during times of high demand or low supply. As of 2022, Piclo Flex has 55,000 registered flexible assets and awarded flexibility contracts totalling £57.4m, with 16.6 GW of flex capacity registered and 1.1 GW+ of flexible capacity procured.
Piclo currently provides flexibility services in six global markets: the UK, Ireland, Italy, Portugal, Lithuania and, in the United States, New York State. Aside from its leading position in the UK, Piclo has a growing presence in Europe, North America and Australia.
We know “flexibility” can be quite complex to understand at first, so here’s a short video that explains “what are flexibility services?”
Our team welcomes everyone to work together on our mission. We are all in this together after all. We don’t believe that anyone should be discriminated against for any reason, be that age, nationality, gender, race, sexual preferences, religious beliefs, political leanings or disabilities. We welcome diversity among our colleagues and see it as important that everyone is supported and comfortable working with us. Piclo is expanding internationally, so English doesn’t have to be your first language, but we would like you to be fluent.
Please include either a copy of your CV or the URLs for your personal site or LinkedIn profile, as well as URLs to any relevant public repositories that might support your application. Please note that, at this stage, we’re more interested in hearing why you think you’re a good match for us and the role.
We conduct interviews in three stages
- Introductory call: we’ll invite you for a short video call to discuss your experience and what you’re looking for in your next role.
- Challenge: if successful, applicants will be invited to complete a challenge relevant to the skills required in the role.
- Final interview: if successful, applicants will then be invited to a final, in-depth interview to meet additional members of the team.