Lead Regulatory Security Advisor

Ofgem ECO Reporting Working Group

Glasgow

Hybrid

GBP 47,000 - 56,000

Full time

3 days ago

Job summary

Ofgem is seeking a knowledgeable Lead Regulatory Security Advisor to join their Cyber Guidance & Monitoring team in Glasgow. The role involves applying cybersecurity knowledge to help operators comply with regulatory standards, analyze security risks, and foster improvements across the energy sector. The position offers a supportive working environment with hybrid options and professional development opportunities, shaping cybersecurity resilience in a critical national infrastructure.

Benefits

30 days annual leave after 2 years
Excellent training and development opportunities
Hybrid working arrangements
Civil Service Pension benefits

Qualifications

  • Experience in cybersecurity risk management and methodologies.
  • Ability to apply security frameworks like NCSC CAF or NIST CSF.
  • Experience in stakeholder management within security projects.

Responsibilities

  • Support operators of essential services in cybersecurity regulatory requirements.
  • Engage with stakeholders to influence security outcomes.
  • Analyze security postures for common risks in the sector.

Skills

Cybersecurity risk management
Stakeholder management
Security frameworks

Education

Cyber/information security or engineering certifications

Job description

We especially welcome applicants from Glasgow and Cardiff.

Job Summary

Are you someone that thrives when tackling complex security challenges and driving impactful change?

Ofgem is Great Britain’s independent energy regulator - a critical role that puts us at the forefront of cyber security, ensuring public data is safe and secure and that we set the standard for the energy industry. We’re looking for a knowledgeable security advisor to join our team as a Lead Regulatory Security Advisor.

The successful candidate will join us and support operators of essential services (OES) in following and adhering to regulatory requirements for cybersecurity practice, in line with industry norms and best practice. You will work with external organisations to understand security challenges and monitor progress for security improvements.

This is a permanent role within our Cyber Guidance & Monitoring (G&M) team, which sits within Ofgem’s Cyber and AI Directorate. The G&M team focuses on ensuring resilience is built into systems run by energy operators who control the UK’s energy infrastructure. We do this as part of our role as Joint Competent Authority (“CA”) for the Network and Information Systems Regulations 2018 (“NIS Regulations”). We provide 1-2-1 and sector-wide advice and guidance to operators throughout their security journeys, seeking to build greater collective industry resilience. We are very fortunate to be able to help influence and shape the security and resilience of a whole sector (specifically, the Downstream Gas and Electricity sector).

As a knowledgeable security professional, you’ll coordinate and assist with high-profile security improvement projects, engaging with a wide range of internal and external stakeholders to shape security posture, implementing best practice in line with National Cyber Security Centre (NCSC) guidance and relevant standards (e.g., the CAF). This is a chance to be at the forefront of innovation and meaningful change, championing secure by design principles and influencing digital strategies that benefit millions. It’s an exciting time to join us!

At Ofgem, we offer more than just a job – we provide a supportive and flexible working environment designed to help you thrive. With hybrid working arrangements, newly refurbished offices in central London, Glasgow, or Cardiff, and a generous rewards package that includes excellent professional learning and development opportunities (including access to potential higher education funding – subject to review), you’ll find everything you need to excel both professionally and personally.

For further details on the role and on our hybrid working arrangement, please read the candidate pack and other documents below.

Job Description

Our team is multidisciplinary, comprising cybersecurity and operational technology specialists who focus on building security requirements and guidance for solutions used across the sector. These solutions are used by a multitude of energy operators – Operators of Essential Services (OES) – who manage and control our energy infrastructure.

We Are Looking For Someone Who Can:

  • Apply their existing knowledge and understanding of cybersecurity to support operators of essential services in following and adhering to regulatory requirements for cybersecurity practice, in line with industry norms and good practice.
  • Identify areas for improvement and shared challenges across the sector, and recommend approaches to achieve better security outcomes
  • Work with external organisations to understand security challenges and monitor progress for security improvements and projects
  • Assess the overall sector maturity of an OES or the wider sector against relevant security frameworks, specifically the NCSC Cyber Assessment Framework (“CAF”).
  • Influence pragmatic, impactful security outcomes, drive good behaviours, and where necessary make recommendations for programme or process improvements relating to security in line with NIS Regulations
  • Help OES manage the delivery and development of new or changed infrastructure projects that are of high strategic importance to GB critical national infrastructure
  • Provide support to others across the team and, when appropriate, to the wider Ofgem function
  • Raise awareness and influence any related workstreams and projects to support wider UK energy systems resilience aims

Key Responsibilities

We are looking for someone who can:

  • Analyse and assess the security posture of OES to identify common security risks affecting the sector
  • Establish effective partnerships with relevant Security, Intelligence and Law Enforcement Agencies, other Regulators and energy sector partners to address these concerns (e.g. DESNZ, NESO, NCSC)
  • Support delivery of a set of work deliverables on time and to a high standard as part of a multidisciplinary team
  • Support development and maintenance of a repository of recognised cyber security practice for use internally by the cyber regulatory team or externally with organisations whom Ofgem regulate for management of security risk to network and information systems
  • Facilitate effective information sharing across the downstream gas and electricity (“DGE”) sector to accelerate implementation of cyber security best practices
  • Ensure understanding of expectations for security are communicated to stakeholders in line with the Government's cyber (security) strategy
  • Engage with key internal and external stakeholders responsible for organisational and architectural decisions that impact the security of our energy infrastructure to reach and influence a wide range of people across larger teams and communities who collectively are responsible for shaping our energy systems and ensuring their safety and security
  • Support the wider inclusive corporate leadership, using your expertise to offer knowledge sharing, support and development that demonstrates commitment to Ofgem’s values
  • Utilise excellent stakeholder management skills to manage key stakeholder relationships, both internally and externally. Additionally, identify and develop new relationships with partners where required
  • Demonstrate continuing commitment to your personal and professional development whilst at Ofgem to enable you to grow
  • Be flexible (when required – on an infrequent ad-hoc basis) to travel and support engagement with energy sector participants and stakeholders

We Value Experience In:

  • Cybersecurity risk management, risk assessments and relevant methodologies
  • Using and applying security frameworks and/or technical standards e.g. NCSC CAF, NIST CSF, ISO 27K, CIS Controls, IEC/ISA 62443 to support practice (CAF experience is valued, but not essential – desirable)
  • A combined niche IT and OT security skillset or equivalent knowledge is highly desirable (but not essential)
  • Effective stakeholder management within security projects
  • Participation in security improvement project / programme delivery. Experience in the security of cyber physical systems is desirable
  • Delivering impactful security advice and guidance aligned to best practice and wider well-known standards/frameworks
  • Operational roles within the energy industry, or experience working with CNI (desirable, not essential)
  • Involvement with industry working groups e.g., ESIE, NCSC COI, Energy UK, ENA, with a focus on energy security and system resilience (desirable, not essential)
  • Client-facing experience, including negotiation, advisory and coaching skills (internal or external) is desirable

Person specification

Role Criteria

Essential

  • Demonstrable experience in cybersecurity risk management, risk assessments and relevant methodologies (LEAD)
  • Demonstrable experience using and applying security frameworks and/or technical standards e.g. NCSC CAF, NIST CSF, ISO 27K, CIS Controls, IEC/ISA 62443 to support practice (LEAD)
  • We recognise that the security and technology/engineering industries have a wide range of qualifications that can support demonstration of competency. We highly value any relevant cyber/information security or engineering certifications, or the equivalent level of knowledge being demonstrated through comprehensive hands-on experience
  • Experience of effective stakeholder management and participation in security improvement project / programme delivery
  • Able to achieve and maintain SC clearance

Desirable

Experience In:

  • the Network and Information Systems Regulations 2018 (NIS Regulations) and the NCSC’s Cyber Assessment Framework and CAF collection
  • A combined niche IT and OT security skillset or equivalent knowledge is highly desirable (but not essential)
  • Involvement with industry working groups e.g., ESIE, NCSC COI, Energy UK, ENA, with a focus on energy security and system resilience (desirable, not essential)
  • Prior operational roles within the energy industry, and/or experience working with CNI

Behaviours

We'll assess you against these behaviours during the selection process:

  • Seeing the Big Picture
  • Changing and Improving
  • Making Effective Decisions
  • Working Together

Technical skills

We'll assess you against these technical skills during the selection process:

  • Please refer to the Candidate Pack and Role Profile attached for full details.

Alongside your salary of £47,895, OFGEM contributes £13,875 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Ofgem can offer you a comprehensive and competitive benefits package which includes; 30 days annual leave after 2 years; Excellent training and development opportunities; The opportunity to join the generous Civil Service pension which also includes a valuable range of benefits; Hybrid working, flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), and upload a copy of your CV anonymising all details where necessary.

You will then be asked to answer 3 Technical Questions evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within these answers, how you meet each of the essential and desirable skills and capabilities.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Ofgem takes any incidences of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.

People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This Job Is Broadly Open To The Following Groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

This vacancy is part of the Great Place to Work for Veterans initiative.

The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact :

  • Name : Lucy Dowding
  • Email : recruitment@ofgem.gov.uk

Recruitment team

  • Email : recruitment@ofgem.gov.uk

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Other, Information Technology, and Management
  • Industries: Utilities
