Assurance and Control Analyst
| Posting date: | 03 March 2026 |
|---|---|
| Hours: | Full time |
| Closing date: | 02 April 2026 |
| Location: | G25AD |
| Remote working: | On-site only |
| Company: | Morson Talent |
| Job type: | Contract |
| Job reference: | 253860CLB-44957 |
Summary
Job Purpose Statement
The Assurance & Control Analyst plays a key role in delivering SPEN’s risk, control, and assurance framework by setting up and operating the assurance & control model, monitoring assurance activity across SPEN, and conducting audits to assess the effectiveness of the control environment. Reporting to the Assurance & Control Manager, the role provides high quality, evidence-based insights on control design and operating effectiveness, supports remediation of control weaknesses, and contributes to consistent, accurate assurance and control reporting for senior leadership.
In this role, you will plan and execute risk-based assurance reviews, maintain assurance dashboards, and control registers, and collaborate with first line SMEs across cross functional areas (e.g., Quality, Asset Management, Environment, H&S, Cyber, GDPR). You will help embed good control practices and support the integration of assurance outputs into SPEN’s ERM processes led by the Enterprise Risk Partner, ensuring assurance activity is timely, consistent, and aligned to ScottishPower standards.
Accountability Statements
Support the application of the Enterprise Risk Management (ERM) Framework through delivering SPEN’s assurance programme
• Set up, operate and continuously improve the assurance & control model to monitor assurance activities and control performance across SPEN.
• Plan and execute risk-based assurance reviews and audits of operational processes and controls, producing clear, evidence-based findings and recommendations.
• Coordinate assurance coverage across cross functional areas including Quality, Asset Management, Environment, H&S, Cyber and GDPR, ensuring controls are designed, performed, and maintained.
• Assess the design and operating effectiveness of controls identify gaps, agree actions with owners, and track remediation to closure.
• Maintain structured assurance plans, control registers, risk control matrices, and related documentation aligned to SPEN’s methodologies and standards.
Promote a culture of strong internal controls across SPEN
• Support awareness activity on internal control expectations, testing standards, and good practice provide practical guidance and templates to business teams.
• Contribute to training materials and share best practice on control design, control testing, and remediation approaches.
Reporting, insight, and governance
• Prepare clear, concise assurance reports, dashboards and metrics for business owners, the Assurance & Control Manager and relevant governance forums.
• Ensure assurance insights are accurately reflected in ERM risk reporting and committee papers led by the Enterprise Risk Partner.
• Maintain high standards of documentation quality, traceability and evidence across all assurance work.
Collaboration and methodology adherence
• Work closely with first line SMEs and specialist Group functions to apply consistent methodologies for assessing control effectiveness, aligned to ScottishPower and Iberdrola frameworks.
• Coordinate with Internal Audit, Compliance, Cyber Security, H&S and other oversight functions to avoid duplication and maximise value.
Fieldwork and continuous improvement
• Undertake on site audits and walk throughs across SPEN locations to validate processes and controls and gather robust evidence.
• Identify opportunities to streamline processes, strengthen controls and enhance assurance coverage contribute to continuous improvement initiatives.
Dimensions
• Operates across all SPEN directorates, engaging regularly with managers and senior leaders and establishing strong working relationships. Acts as a trusted member of the team who can confidently challenge assumptions, influence decision?making, and promote best?practice governance and risk management across the organisation.
• Ensures governance, controls, and risk oversight processes minimise exposure to significant regulatory consequences (individual breaches carry financial penalties of up to 10% of turnover per licence)
• Supports the integrity and performance of SPEN’s Governance, Risk and Compliance functions by ensuring risks, controls, and assurance activities are aligned, well?evidenced, and embedded across the business.
• Engages regularly with SP Internal Audit, preparing high?quality, insight?driven content for Audit Committee reporting, ensuring risk insights, control effectiveness, and assurance outcomes are clearly articulated for Board?level governance.
• Builds and sustains strong relationships with stakeholders at all levels, creating an environment of trust, transparency, and constructive challenge.
• Promotes and embeds a culture of assurance and control awareness across SPEN by encouraging early identification, meaningful assessment, and effective mitigation of risks at all levels of the organisation.
• Demonstrates the ability to maintain this level of oversight while also responding at short notice to urgent, unplanned, or ad?hoc requirements—without compromising delivery of core responsibilities.
Skills, Knowledge & Experience
• Experience in performing assurance, audit or control testing within a large, complex and regulated organisation, with a practical understanding of how effective controls mitigate material risks.
• Knowledge of internal control frameworks and methodologies hands-on experience evaluating control design and operating effectiveness across diverse business areas.
• Strong analytical and critical thinking skills, able to quickly understand complex processes and distil issues into clear, actionable recommendations.
• Excellent communication skills (written and verbal), with the ability to produce concise, business focused assurance reports and present findings to stakeholders. focused assurance reports and present findings to stakeholders.
• Proven ability to constructively challenge and influence process owners, while building collaborative relationships that support remediation and continuous improvement.
• Strong organisational skills, with the ability to manage multiple reviews, meet challenging deadlines and operate with autonomy and attention to detail.
• Experience in regulated environments, with an understanding of how regulatory expectations translate into control and assurance requirements.
• High-level of professional integrity, independence and objectivity, maintaining robust evidence and transparent documentation.
• Working knowledge of general IT controls (ITGCs) and application controls, and how digital systems and data influence the control environment.
• Familiarity with the Microsoft 365 suite and data/visualisation tools for assurance reporting and dashboarding is advantageous.
• Professional qualifications (e.g., Internal Audit, Risk Management, Accounting or Compliance) and post qualification experience are advantageous.
Planning & Organising
· Strategic Planning: Develop and maintain forward?looking plans covering a 1–3 year horizon, ensuring alignment with organisational strategy, regulatory expectations, and emerging risk themes. Anticipate future requirements, assess potential constraints, and proactively build plans that support long?term resilience and delivery.
· Prioritisation of Resources and Objectives: Evaluate competing priorities across the ENET risk, assurance, and controls landscape, allocating time, people, and effort to the areas of greatest organisational impact. Make informed decisions that balance strategic long?term goals with operational demands, ensuring resources are used effectively and efficiently.
· Assurance and Control Reporting Delivery: Oversee the timely and accurate delivery of all required ENET assurance and control reporting. Ensure reporting cycles, governance timelines, and stakeholder expectations are met. Maintain high standards of quality, clarity, and completeness, with robust oversight of dependencies and data inputs.
· Adaptability and Responsiveness: Respond swiftly and effectively to short?notice or unplanned requests, including urgent ad?hoc projects or changes in regulatory or organisational priorities. Manage these without losing focus on core deliverables by maintaining a structured approach to workload management, transparent communication with stakeholders, and active re?prioritisation where necessary.
· Continuous Improvement: Identify opportunities to enhance planning, reporting, and resource management processes. Apply lessons learned to strengthen forecasting, scheduling, and assurance activities, promoting more efficient and scalable ways of working.
• Degree qualified (or equivalent experience) with practical experience in assurance, control, or audit disciplines in a large organisation.
• Demonstrable experience planning and delivering audits/assurance reviews and supporting remediation activities.
• Good experience of supporting and/or managing projects, including documentation, stakeholder engagement, and delivery to timescales.