Cyber Security Technical Specialist

We our looking for a Principal Cyber Security Technical Specialist to join our Water Supply team, part of Ofwat's RAPID & Environmental Planning directorate. The team focuses on water company investment planning and the delivery of water supply (source to tap) including water resources, treatment and distribution. In our Price Review 2024 (PR24) final determination, we have made record allowances of £455 million for water sector cyber security. However, the requirements of the sector continue to evolve. We have recently consulted on a cost change process, which would be an opportunity for the water companies to submit requests for additional allowances, if there are significant changes in the cyber security environment. As we await further details of which recommendations from the Independent Water Commission the government plans to accept, Ofwat will continue to work ever more closely with the DWI and the water companies on cyber resilience. The Ofwat Principal Cyber Security Technical Specialist role will play an important part in shaping this increased engagement and how we respond to developments in the cyber security sector. For example, we expect engagement with Defra and to track the proposed Cyber Security and Resilience Bill (CSRB) as it passes through parliament and into legislation, considering the impact on the water sector.

We’re looking for an experienced cyber security professional who can combine strong technical insight with strategic thinking. You’ll have experience conducting or reviewing risk assessments, managing cyber security risks, and evaluating the costs and value for money of different cyber security solutions. You’ll have a solid understanding of the current cyber security landscape and the ability to assess both detailed technical proposals and their wider policy or strategic implications. While experience in a regulatory body or the water sector would be an advantage, it isn’t essential.

• 1. Relevant cyber security experience including planning and delivery, assessment of costs and value, and/or risk assessment of security vulnerabilities.
• 2. Ability to demonstrate strong knowledge of cyber security frameworks, particularly NCSC CAF, and ideally certified as CISSP, CISM, or GICSP (or equivalent).
• 3. Excellent communication skills, both oral and written, with the ability to review and respond effectively to company cyber security plans and strategies, as well as communicate complex concepts to technical and non-technical audiences.
• 4. Experience of building and maintaining constructive working relationships with internal and external stakeholders, including the ability to influence and collaborate effectively to deliver desired outcomes.
• 5. Flexible approach to work in a dynamic and fast-paced environment with the ability to prioritise workloads and work autonomously.
• 6. Strong analytical and problem-solving skills, with the ability to analyse complex security issues, identify root causes, and develop effective solutions.