Inspector - Network and Information Systems (Cyber Security)

Inspector - Network and Information Systems (Cyber Security)

Civil Service Jobs Reference No: 408233

Salary: £41,220 - £49,020

Grade: SEO

Summary:

Make a difference in protecting public health by becoming a Network and Information Systems Inspector.

The Drinking Water Inspectorate (DWI) is the independent regulator of drinking water quality in England and Wales. Established by Parliament in 1990, the strategic objective is to protect public health and maintain public confidence by securing safe and clean drinking water, now and for future generations.

The powers and duties under which the Inspectorate operates are established in legislation and are wide-ranging, covering all aspects of the quality and sufficiency of water together with duties in regard of network and information systems of public water supplies as delegated by the Secretary of State and Welsh ministers. Statutory duties in relation to private supplies for the provision of technical advice to local authorities and the authority of appeal are provided on behalf of the Secretary of State and Welsh ministers.

The Inspectorate produces its own independent reports for ministers in both England and Wales; reporting on the operational performance of the water companies that it regulates in both countries, and on the performance of local authorities in their duties with respect to private water supplies. These cover assessment of the results of monitoring of drinking water supplied by the water companies’ month by month; investigation of notified events; and site visits and meetings with companies to audit technical operating practices, procedures and policies for compliance with regulation and enforcement notices. In addition to the statutory function, further non-statutory functions are provided, including an evidence programme; consumer and media advice on information about drinking water safety and regulation as well as the running of an independent website.

The Drinking Water Inspectorate has a landing area in 2 Marsham Street, London. You will be expected to attend Inspectorate meetings in this location. The Inspectorate supports flexible working where this is practicable.

Job description

The Network and Information Systems Regulations (NIS) (2018) extended the original Drinking Water Supply regulations to include greater emphasis on the security and reliability of information systems which control drinking water production or delivery, with particular regard to the modern-day threat of cyber security.

The main responsibility of the DWI NIS team is to ensure that the 17 drinking water companies in England and Wales (that are currently within scope of the NIS regulations) take appropriate and proportionate technical and organisational measures to manage any risks posed to the security of their network and information systems. This includes the cyber and physical security of assets on which their essential service of drinking water provision relies.

The Inspectorate regularly needs to respond to an evolving risk picture, or incidents which impact on the water network. Therefore the post holder will need to be flexible and able to adapt quickly to changing work priorities and may be required to participate in the Inspectorate’s response to a security incident. This may include out of hours working on occasion, but the Inspectorate makes every effort to allow for individual personal circumstances and offers a range of flexible working options including remote working and some working from home.

Evaluation of annual self assessments by Operators of Essential Service (OES) against the Cyber Assessment Framework.
Logging and assessment of any reported incidents from the sector.
Scoping of, preparation for and completion of verification audits with selected OESs.
Making recommendations regarding any enforcement action that might be required to address gaps in compliance.
Preparation of new and revision of existing guidance for OES on meeting the requirements of NIS.
Preparation of the annual reports on compliance against NIS and the activities of the Inspectorate in England and Wales for ministers.
Routine liaison with Inspectorate colleagues, Defra, Welsh Government and OESs.
Contribution towards regular internal performance and financial reports.
Person specification

The role requires a candidate to drive continuous improvements in cyber resilience across the drinking water sector and on an interpersonal level, the post holder should have an enquiring mind with good communication and influencing skills and the ability to make effective decisions. NIS Inspectors are involved in a wide range of tasks which includes the evaluation of technical information about the operation and monitoring of network and information systems (Information Technology and Operational Technology) used for drinking water production.

Inspectors will be expected to use their technical expertise to drive continuous improvement in the sector and to ensure that each company complies with their regulatory obligations. Companies carry out a self-assessment using the NCSC Cyber Assessment Framework (CAF) which each company is required to submit to the Inspectorate annually.

Inspectors will review the self-assessment reports from each company to verify the evidence behind the conclusions, together with their improvement plans, project milestone reports, improvement notice updates, capital investment plans, audit reports, and technical risk assessments. It is the role of the Inspector to verify any shortfalls in company performance or non-compliance with the NIS regulations appropriately and the plans to address them.

Supported by the Principal Inspector, Inspectors will be required to carry out enforcement activity when required. The enforcement process involves an escalation process of liaison, guidance and advice, moving to formal requests (notices) for information, through notices to legally require system improvement, to penalty notices for non-compliance of up to £17m.

The Inspector will also be assigned company incident reports, which will require audit and assessment against the regulatory requirements as part of the role. Occasional flexibility may be required to attend site or participate in an emergency incident response.

Inspectors are responsible for the quality and content of regular liaison meetings (quarterly) which take place with each water company in person and on MS Teams. Quality records need to be maintained to demonstrate a real time view of company progress and the quality of engagement.

On an interpersonal level, the post holder should have an enquiring mind with good communication and influencing skills and the ability to make effective decisions.

The Inspector will engage regularly with stakeholders such as NCSC, Defra Security, DSIT, other competent authorities.

The NIS Inspector will deliver the audit plan as set by the Principal Inspector which will include a variety of in person and desk top audits, as well as third party assisted audits using contractors, where necessary.

The work of the Inspector will by supported by the NIS Team Performance Analysts who will use internal and external data sources to track company and sector performance, projects, notice completion and milestones as well as threat and vulnerability reports. The Inspector will be required to interpret this data to produce reports for ministers and senior stakeholders in addition to their regulatory activity.

The Inspectorate offers any successful candidates relevant world class training courses in cyber security and operational technology as part of a tailored personal development plan. Additionally, the post holder will be expected to be proactive in maintaining and expanding their knowledge as technology and cyber risks presented to water supply evolves. Candidates should be aware that there is an additional requirement for:

Time and project management skills in order to deliver the audit programme to schedule.
Technical knowledge of water supply and/or cyber security.
Experience within water industry, cyber security or working for a regulator.
Knowledge of effective governance of risk assessment and mitigation systems.
Ability to communicate and collaborate successfully with a range of stakeholders and colleagues.
Good IT skills with familiarity with software such as Excel and Power BI.
Licenses

As travelling is an integral part of the job, often to areas not served by public transport, candidates should have a valid driving licence.

Membership

Successful candidates will be expected to hold, or already be working towards, chartership with a relevant professional body.

Qualifications

A tertiary level qualification and/or significant experience in a subject related to water supply, industrial control systems or cyber security.

Apply and further information:

For more information and to complete an online application, please visit the Civil Service Jobs website: Inspector - Network and Information Systems (Cyber Security) - Civil Service Jobs - GOV.UK

Apply before 11:55 pm on Monday 21 July 2025.