Senior Cyber Security Advisor


 

Details

Reference number

330757

Salary

£43,650 – £71,998
National: £43,650 – £67,198. London £46,250 – £71,998. This includes a 20% uplift for exceptional candidates. Standard pay rules apply for existing Civil Servants.
A Civil Service Pension with an average employer contribution of 27%

Job grade

Grade 7
2B

Contract type

Permanent

Business area

Cyber Regulation (Competent Authority)

Type of role

Information Technology
Knowledge and Information Management
Security

Working pattern

Flexible working, Full-time

Number of jobs available

1

Contents

National

Job summary

Ofgem works on behalf of energy consumers to ensure that every household and business in GB can rely on a safe, affordable and environmentally sustainable energy supply. We are playing a vital part in accelerating the transition to Net Zero and a carbon neutral energy system – a goal that everyone wants to achieve. Whatever your role, you’ll be playing your part in creating new energy solutions that are great for customers, and great for the environment.

We offer a diverse range of flexible working career opportunities: roles that are stimulating and rewarding, where you can get involved in ground-breaking work. And it’s important to us that we recruit from a wide range of professional and personal backgrounds – bringing different perspectives and experiences to our work.

This is an ideal role for someone with experience of working in cyber security to play their part in protecting the UK National Infrastructure (implementing cyber security regulations to improve security and resilience in the energy supply) and protecting Ofgem (ensuring that appropriate levels of security, privacy and resilience protect our people, data, operations and facilities from harm). You’ll establish a close working relationship with Operators of Essential Services promoting a partnership approach to mitigating against cyber and related security threats. You’ll offer expert advice to Operators on how they can best interpret and apply the regulatory framework, and ensure that they have appropriately robust assessment and evaluation tools in place. And you’ll be well placed to draw out sector-wide intelligence on potential cyber security threats, vulnerabilities, controls and incidents.

Your cyber security expertise should be supported by client facing experience, enabling you to negotiate, persuade and coach effectively – establishing credibility and trust with senior stakeholders. Specifically, your technical experience and knowledge should include:

  • Operating or architecting in an Operational Technology (OT, ICS, IACS) environment, related to managing the security of critical systems;
  • Understanding of cyber security risks affecting Industrial Control Systems, and duly considering appropriate and proportionate security controls to mitigate such risks;
  • Managing security and risks associated with Operational Technology and/or Control Systems; and
  • Working knowledge of IEC62443 series in critical infrastructure and challenges faced with introducing security controls.

Ofgem is proud to be an equal opportunity employer. We embrace diversity and are committed to creating an inclusive environment for all employees. All employment is decided on the basis of open and fair competition, merit and business need.

 

Job description

Purpose

Ofgem works on behalf of energy consumers to ensure that every household and business in the UK can rely on a safe, affordable, and environmentally sustainable energy supply. We are playing a vital part in accelerating the transition to Net Zero and a carbon neutral energy system – a goal that everyone wants to achieve. Whatever your role, you’ll be playing your part in creating new energy solutions that are great for customers, and great for the environment.

Underpinning the vision to improve the behaviour of energy sector participants and deliver greener, fairer outcomes for consumers is the Cyber Profession which provides a dynamic and flexible working environment, that enables and inspires at all levels, to protect users’ security of energy supply, citizens & business energy data, and Ofgem’s internal people and operations.

This role will be part of the Cyber Security Profession at Ofgem, which has two main objectives:

  • Protecting the UK National Infrastructure – Act as Competent Authority (CA) for implementing Regulations for Operators of Essential Services (OES), to improve security and resilience in the Downstream Gas and Electricity sector (DGE).
  • Protecting Ofgem – Ensure that Ofgem maintains appropriate levels of security, privacy, and resilience to protect our people, data, operations, and facilities from harm.

This role will be working in the CA function reporting to the Head of Engagement.

The key purpose of this role is to maintain relationships with OES, for CA to deliver a model which is engaging and partnering in nature, thus ensuring operational systems and networks in the DGE sectors in Great Britain remain resilient against cyber and related security threats.

The person shall adhere to practices and processes to ensure quality of work, provide regular internal reporting, identify opportunities for cross-sharing information within the CA and escalate matters where required.

The value this provides is:

  • Sector specific assessment and improvement.
  • Risk based approach balancing business, consumer, and National interests.
  • Confidence for OES to embrace and build an energy system for the future.
  • An approach that industry is receptive to, reducing the likelihood of a ‘paper-based’ or ‘tick-box’ approach for regulations.
  • Provide public confidence, balance accountability, and maximise investment at a pace commensurate with the risk profile and of value for consumers.

Person specification

Key Responsibilities

  • Work collaboratively for an assigned portfolio of Operators of Essential Services (OES).
  • Provide expert and practical advice for the interpretation and applicability of the NIS regulatory framework as it applies to RIIO. This will include:
      • Consulting with OES on and the interpretation of risk assessments.
      • Reviewing RIIO submissions and supporting documentation.
      • Consulting with OES to review its cyber resilience mitigation plans and make recommendations for improvement.
      • Establishing the evidence to validate the adequacy of RIIO submissions.
  • Produce custom advisory guidance.
  • Drive cyber resilience maturity by engaging with subsectors to provide advisory guidance, and understand and use regulatory powers where needed.
  • Be an active member of the UK security community by sharing best practice for the sector, in a consultative manner with OES, BEIS, HSE and NCSC, and contribute to wider meetings with other CAs, CEER, ACER, DCMS and BEIS.
  • Assess cyber resilience investment plans for Price Control (RIIO) portfolio of OES and provide a determination based on business need, optionality, cost assessment, and appropriate and proportionate cyber capabilities.
  • Monitor delivery of cyber resilience price control deliverables.
  • Provide oversight to the RIIO process, ensuring production of quality documents, methodology, and consulting on licence conditions.
  • Provide recommendation into the inspection programme and ensure outputs are managed effectively.
  • Provide recommendations to the Enforcement team with regards to NIS compliance.
  • Manage the development and maintenance of organisational policies, products and methodologies to drive continuous improvement.
  • Create and maintain analysis of the sector and subsectors performance in relation to the NIS regulations and RIIO price control deliverables, socialise analysis with OES, other Government departments, and Competent Authorities and make recommendations to drive increased cyber resilience maturity across the DGE sector.
  • Leverage cyber intelligence relating to the sector (threats, vulnerabilities, controls, and incidents) to maintain an understanding of threats to the sector and utilise lessons learnt in engagements with OES and to drive process improvements.

Key Outputs and Deliverables

  • Value for money for consumers from Ofgem, by guiding, reviewing, challenging, and monitoring OES cyber resilience investment plans for the RIIO price control.
  • Engage with the OES community in an advisory capacity to support the implementation and continual improvements for the NIS regulations.
  • Timely advice on sector related threats, vulnerabilities, controls, and incidents to OES.

Key Stakeholder Relationships

  • Network companies, Large Generators and Energy Distributors.
  • Government and public sector bodies, e.g., Department for Business, Energy and Industrial Strategy (BEIS), NCSC and Department for Digital, Culture, Media and Sport (DCMS)
  • Ofgem leadership team
  • Ofgem Enforcement team
  • Ofgem CA
  • CEER, Research institutions, Academia, etc.

Please ensure you demonstrate clearly, within your personal statement, how you meet each of the criteria below (not more than 1250 words). In the event of receiving a large number of applications, an initial sift may take place on just the lead criteria indicated below:

Essential

  • Proven client-facing experience with strong negotiation, advising and coaching skills. An effective and engaging communicator, with experience working effectively with key external stakeholders (LEAD)
  • Demonstrable experience of working in operational technology cyber security in Critical National Infrastructure either in a Regulator or Energy sector capacity. (LEAD)
  • Experience in conducting cyber risk assessments within an operational technology or Critical National Infrastructure environment and development of mitigation plans.
  • Understanding of cyber security risks affecting industrial control systems, and consideration of appropriate and proportionate security controls to mitigate such risks.
  • Working knowledge of IEC62443 series in critical infrastructure.
  • Familiarity with the NIS Directive and NCSC CAF Framework.

Desirable

  • Certification or experience to one or more of the following: GICSP, SABSA, TOGAF, CEH, T2/ED2 License Conditions.
  • Knowledge or awareness of NIST 800-53 and/or NIST 800-82 in CNI.

Behaviours

We’ll assess you against these behaviours during the selection process:

Technical skills

We’ll assess you against these technical skills during the selection process:

  • Please see candidate pack for details.
Alongside your salary of £43,650, OFGEM contributes £11,786 towards you being a member of the Civil Service Defined Benefit Pension scheme.

Find out what benefits a Civil Service Pension provides.
Ofgem can offer you a comprehensive and competitive benefits package which includes: 30 days annual leave after 2 years; excellent training and development opportunities; the opportunity to join the generous Civil Service pension, which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office but is in review), flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), your career history and qualifications.

You will then be asked to provide a 1250 word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential and desirable skills and capabilities.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
This vacancy is part of the Great Place to Work for Veterans initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

  • Name: Jen Hughes
  • Email: Recruitment@ofgem.gov.uk
  • Telephone: N/A

Recruitment team

  • Email: recruitment@ofgem.gov.uk
