What you would be doing
disaster recovery
pentesting
pci compliance
infosec management
change management
data protection
You’ll play a vital role in protecting sensitive data, supporting IT disaster recovery planning, and leading change management processes. You’ll also be instrumental in maintaining our compliance with PCI-DSS, Cyber Essentials, and other key frameworks such as ISO27001 and NCSC CAF.
- Lead and coordinate external audits and third-party engagements.
- IT disaster recovery (DR): Develop, maintain, and regularly test IT DR plans to ensure business continuity.
- Ensure employees are aware of their responsibilities through policy updates, training, and awareness programs.
- Information security: Support and lead initiatives such as threat assessments, vulnerability management, incident response, and certification compliance (Cyber Essentials, ISO27001, etc.).
- Technology policy: Create, update, and enforce technology policies that meet industry standards and support operational excellence.
- Penetration & control testing: Coordinate system penetration testing and conduct regular tests across people, processes, and technology to ensure control effectiveness.
- PCI-DSS compliance: Oversee audits and assessments to maintain compliance with PCI-DSS requirements.
- Promote a culture of continuous improvement and innovation.
- Change management: Lead IT change processes by chairing the Change Advisory Board, ensuring smooth and secure transitions.
- Data protection: Implement and manage protocols to safeguard sensitive information, including robust impact assessments.
What you bring
cyber resilience
disaster recovery
utility experience
data protection
policy writing
communication
This is a great opportunity for someone who is technically skilled, detail-driven, and passionate about creating a secure and resilient digital environment.
We’re looking for an experienced and motivated Information Security and Data Protection Lead to join our team, reporting to the Head of Information Governance, Risk and Compliance. In this key role, you’ll take ownership of our information security and data protection practices, ensuring the integrity of our systems and compliance with regulatory and industry standards.
- Confidence in supporting IT operations, particularly in cyber resilience and disaster recovery
- Experience within the utility industry.
- Strong verbal and written communication skills
- Excellent attention to detail
- Solid knowledge of data protection law and regulatory requirements
- Communicate and collaborate effectively with internal teams and external partners.
- Proven experience in policy writing and implementation
- Ability to translate technical workflows into clear, usable documentation
Benefits
🚆 £500 travel allowance - an annual allowance paid monthly alongside your salary to support with travelling to work costs.
💸 Ethical Pension with Aviva: Good Energy offers an ethical pension plan provided by Aviva, with employer-matched contributions up to 7.5% of your base salary.
🎁 15%: company-wide bonus scheme designed to reward collective teamwork and delivery of results across the whole business.
🏡 £500 work from home allowance - an annual allowance paid monthly alongside your salary to support with working from home costs.
📖 £500 annual development allowance: to spend on your chosen development area, whether that’s in your current role, or future roles.
🌞 Holiday: 25 days annual leave, a day off for your birthday, additional days leave for long service, plus bank holidays. You’ll also have the option to buy additional leave, allowing for a better work-life balance.
Training + Development
Information not given or found