
Cyber Security Governance & Assurance Manager

Civil Nuclear Constabulary

United Kingdom

Hybrid

GBP 51,000 - 61,000

Full time

Yesterday

Job summary

A government agency focused on nuclear security is seeking a Cyber Security Governance & Assurance Manager. This role involves enhancing governance frameworks and overseeing compliance with cyber security policies. The position offers hybrid working options and a salary of up to £60,541, along with a generous benefits package.

Benefits

27.5 days annual leave plus Bank Holidays
Flexi-time working scheme
Bonus scheme up to 7% of salary
Subsidised on-site restaurant
Enhanced family-friendly policies

Qualifications

  • Experience in cyber security governance and assurance.
  • Ability to lead and influence stakeholders.
  • Knowledge of sector-specific audit requirements.

Responsibilities

  • Enhance and maintain governance frameworks for Cyber Security.
  • Monitor implementation of Cyber Security Strategy.
  • Assure adequacy of CS&IA reporting to governance forums.

Skills

Attention to detail
Excellent communication skills
Risk assessment and management
Analytical skills

Education

CISP, ISMP, CCST, CompTIA or similar Risk Management Qualification

Tools

SIEM
Network analysis tools

Job description


Cyber Security Governance & Assurance Manager

Based at Culham, Oxfordshire. This role is suitable for hybrid and fully remote working.

Salary up to £60,541 plus a £2,000 South East Allowance if based in the area, and a generous benefits package.

Permanent/Full Time

The Civil Nuclear Constabulary (CNC) is an armed police service that's dedicated to the nuclear industry. Our vision is to be recognised as a provider of a world-class service for the protection of nuclear material and facilities. Given the critical nature of our work, it's vital that we recruit skilled and committed professionals to join our high-performing team.

The Cyber Security Governance & Assurance Manager will be passionate about cyber security and ready to play a key role in protecting critical systems and information. The post holder will be at the forefront of our cyber defence strategy, overseeing compliance with cyber security policies and the management of cyber risk, and ensuring that our systems and processes meet the highest cyber security standards.

Key Accountabilities
  • Enhance and maintain governance and assurance frameworks to ensure adequate oversight and management of Cyber Security & Information Assurance (CS&IA) risk.
  • Monitor progress against the Cyber Security Strategy and ensure that Key Cyber Objectives (KCO) and Key Cyber Activities (KCA) are reported to CNC leadership.
  • Assure the adequacy of CS&IA reporting to governance forums
  • Ensure that cyber security risks are identified, reported, reviewed and acted upon.
  • Ensure that the IT cyber risk register and outputs from penetration testing are appropriately shared, reported and acted upon.
  • Ensure evidence of thresholds and tolerances for cyber security operational controls are defined and monitored for critical systems.
  • Oversee the reporting of Management Information with requirements and parameters defined and adhered to.
  • Ensure third-party vendors adhere to security policies through regular risk assessments
  • Provide proportionate advice to ensure implementation of 'secure by design' principles, governance and compliance with frameworks.
  • Monitor the testing, monitoring and management of security controls, so that the CNC's data and information systems are secured.
  • Assess the effectiveness of cyber security risk assessments and risk management plans, taking account of business goals, and improvements.
  • Support disaster recovery planning and testing.
  • Assist in cyber security audits
  • Review compliance with legal and regulatory requirements
  • Deliver clear, concise reports and briefings to stakeholders.

Skills and Experience Requirement

Personal attributes
  • attention to detail and a methodical approach
  • excellent communication, collaboration and external engagement skills
  • ability to lead and influence, both externally and internally
  • ability to write formal documents and present complex information effectively
  • reasoned judgement and analytical skills to make effective decisions
  • awareness of the broader impact of cyber decisions (social, ethical, environmental).

Specialist skills
  • ability to plan an audit or compliance review
  • risk assessment and management skills
  • knowledge of sector-specific audit requirements and tools
  • an understanding of relevant legislation, regulations and standards
  • familiarity with SIEM, network analysis tools, techniques and procedures
  • ability to adopt the adversarial approach to challenge and rigorously test policies and systems as part of an intelligence-led security assessment

Qualifications

CISP, ISMP, CCST, CompTIA or similar Risk Management Qualification is desirable. Membership of CIISec is an advantage.

The post holder must comply with Equalities Legislation and promote equality, diversity and inclusivity through their daily interactions. The post holder must avoid any behaviours which discriminate against others on the grounds of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage or civil partnership, pregnancy or maternity, political opinion or trade union membership.

This role has been assessed as suitable for hybrid working with a 60% / 40% split, or for fully remote working, which will be discussed and agreed with the successful individual.

Benefits of working for the CNC:
  • 27.5 days annual leave (rising by 1 day after 2 years' service, and 0.5 days every year thereafter until a total of 32.5 days is reached) plus Bank Holidays
  • An additional 30 minutes worked during the week accrues additional leave of 3 days, which can be used for the period between Christmas and New Year
  • Flexi-time working scheme
  • Bonus scheme - dependent on organisational and personal performance, up to a maximum of 7% of salary
  • Subsidised Costa Coffee, restaurant, and deli on site at Culham HQ
  • Eligible to join the national Blue Light Card scheme, which offers discounts on a variety of products and services
  • Enhanced family friendly and wellbeing policies
  • Cycle to Work scheme

As police staff, the public expect us to display the highest standards, values, and professional qualities at all times. The CNC values and Code of Ethics apply to all police staff and set out the principles and standards of behaviour we expect to see, and you are responsible for displaying and delivering these to the highest standards.

Equality, Diversity and Inclusion are central to the values of our organisation. At CNC we value and embrace the unique experiences, identities and abilities that each of us brings to our roles. We strive to empower everyone to bring their authentic self openly and safely to work.

Through the dedicated commitment of our affinity networks, ED&I team and wider HR departments, we are on a journey to embed our ED&I commitments, ensuring the CNC is an employer of choice where everyone feels included.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact the Police Staff Recruitment Team to request accommodation.

Please review the video links below which will give you an overview of the vetting process that you will be required to go through if you are successful in your application to join the CNC:
  • Vetting: An Overview - https://youtu.be/lRit8RA7Zpo
  • Vetting and Finances - https://youtu.be/JmZP7r-9MEE
  • Vetting and Life Experiences - https://youtu.be/jVPHvgpB8nc

Responsibilities

  • Review and maintain organisational framework models for governance and assurance to ensure adequate oversight and management of Cyber Security & Information Assurance (CS&IA) risk.
  • Monitor the implementation of the Cyber Security Strategy and ensure that progress against Key Cyber Objectives (KCO) and Key Cyber Activities (KCA) is reported to CNC leadership, delivering a structured assessment against delivery of strategic objectives.
  • Assure the adequacy of CS&IA information provided to governance forums
  • Ensure that cyber security risks are adequately reported to governance bodies, are regularly reviewed and challenged.
  • Ensure that the IT cyber risk register and outputs from penetration testing are appropriately shared, reported and where appropriate acted upon.
  • Ensure evidence of thresholds and tolerances for cyber security operational controls are defined and monitored and that they cover all critical systems.
  • Oversee the reporting of Management Information to ensure a structured model, with reporting requirements and parameters defined and adhered to.
  • Ensure third-party vendors adhere to security policies through regular risk assessments
  • Provide proportionate advice to ensure implementation of 'secure by design' principles, governance and compliance with frameworks.
  • Deliver advice upon addressing identified cyber security risks
  • Monitor the testing, monitoring and management of security controls, so that the CNC's data and information systems are secured.
  • Assess the effectiveness of cyber security risk assessments and risk management plans, taking account of business goals, and making plans for improvement.
  • Ensure adequate disaster recovery plans are in place in the event of a cyber attack and that these are being regularly tested and improved based on lessons learnt.
  • Assist in cyber security audits
  • Review compliance with legal and regulatory requirements.
  • Write formal reports, and deliver oral briefings, on the findings of audits and compliance reviews.
