Lead Regulatory Security Advisor
We especially welcome applicants from Glasgow and Cardiff.
Job Summary
Are you someone who thrives when tackling complex security challenges and driving impactful change?
Ofgem is Great Britain’s independent energy regulator - a critical role that puts us at the forefront of cyber security, ensuring public data is safe and secure and that we set the standard for the energy industry. We’re looking for a knowledgeable security advisor to join our team as a Lead Regulatory Security Advisor.
The successful candidate will join us and support operators of essential services (OES) in following and adhering to regulatory requirements for cybersecurity practice, in line with industry norms and best practice. You will work with external organisations to understand security challenges and monitor progress for security improvements.
This is a permanent role within our Cyber Guidance & Monitoring (G&M) team, which sits within Ofgem’s Cyber and AI Directorate. The G&M team focus on ensuring resilience is built into systems run by energy operators who control the UK’s energy infrastructure. We do this as part of our role as Joint Competent Authority (“CA”) for the Network and Information Systems Regulations 2018 (“NIS Regulations”). We provide 1-2-1 and sector-wide advice and guidance to operators throughout their security journeys, seeking to build greater collective industry resilience. We are very fortunate to be able to help influence and shape the security and resilience of a whole sector (specifically, the Downstream Gas and Electricity sector).
As a knowledgeable security professional, you’ll coordinate and assist with high-profile security improvement projects, engaging with a wide range of internal and external stakeholders to shape security posture, implementing best practice in line with National Cyber Security Centre (NCSC) guidance and relevant standards (e.g., the CAF). This is a chance to be at the forefront of innovation and meaningful change, championing secure by design principles and influencing digital strategies that benefit millions. It’s an exciting time to join us!
At Ofgem, we offer more than just a job – we provide a supportive and flexible working environment designed to help you thrive. With hybrid working arrangements, newly refurbished offices in central London, Glasgow, or Cardiff, and a generous rewards package that includes excellent professional learning and development opportunities (including access to potential higher education funding – subject to review), you’ll find everything you need to excel both professionally and personally.
For further details on the role and on our hybrid working arrangement, please read the candidate pack and other documents below.
Job Description
Our team is multidisciplined, comprising cybersecurity and operational technology specialists who focus on building security requirements and guidance for solutions used across the sector. These solutions are used by a multitude of energy operators, the Operators of Essential Services (OES), who manage and control our energy infrastructure.
We Are Looking For Someone Who Can:
- Apply their existing knowledge and understanding of cybersecurity to support operators of essential services in following and adhering to regulatory requirements for cybersecurity practice, in line with industry norms and good practice.
- Identify areas for improvement and shared challenges across the sector, and recommend approaches to achieve better security outcomes
- Work with external organisations to understand security challenges and monitor progress for security improvements and projects
- Assess the overall sector maturity of an OES or the wider sector against relevant security frameworks, specifically the NCSC Cyber Assessment Framework (“CAF”).
- Influence pragmatic, impactful security outcomes, drive good behaviours, and where necessary make recommendations for programme or process improvements relating to security in line with NIS Regulations
- Help OES manage the delivery and development of new or changed infrastructure projects that are of high strategic importance to GB critical national infrastructure
- Provide support to others across the team and, when appropriate, to the wider Ofgem function
- Raise awareness and influence any related workstreams and projects to support wider UK energy systems resilience aims
We are looking for someone who can:
- Analyse and assess the security posture of OES to identify common security risks affecting the sector
- Establish effective partnerships with relevant Security, Intelligence and Law Enforcement Agencies, other Regulators and energy sector partners to address these concerns (e.g. DESNZ, NESO, NCSC)
- Support delivery of a set of work deliverables on time and to a high standard as part of a multidisciplinary team
- Support development and maintenance of a repository of recognised cyber security practice for use internally by the cyber regulatory team or externally with organisations whom Ofgem regulate for management of security risk to network and information systems
- Facilitate effective information sharing across the downstream gas and electricity (“DGE”) sector to accelerate implementation of cyber security best practices
- Ensure understanding of expectations for security are communicated to stakeholders in line with Government's cyber (security) strategy
- Engage with key internal and external stakeholders responsible for organisational and architectural decisions that impact the security of our energy infrastructure to reach and influence a wide range of people across larger teams and communities who collectively are responsible for shaping our energy systems and ensuring their safety and security
- Support the wider inclusive corporate leadership, using your expertise to offer knowledge sharing, support and development that demonstrates commitment to Ofgem’s values
- Utilise excellent stakeholder management skills to manage key stakeholder relationships, both internally and externally. Additionally, identify and develop new relationships with partners where required
- Demonstrate continuing commitment to your personal and professional development whilst at Ofgem to enable you to grow
- Be flexible (when required – on an infrequent ad-hoc basis) to travel and support engagement with energy sector participants and stakeholders
We Value Experience In:
- Cybersecurity risk management, risk assessments and relevant methodologies
- Using and applying security frameworks and/or technical standards e.g. NCSC CAF, NIST CSF, ISO 27K, CIS Controls, IEC/ISA 62443 to support practice (CAF experience is valued, but not essential – desirable)
- A combined niche IT and OT security skillset or equivalent knowledge is highly desirable (but not essential)
- Effective stakeholder management within security projects
- Participation in security improvement project / programme delivery. Experience in the security of cyber physical systems is desirable
- Delivering impactful security advice and guidance aligned to best practice and wider well-known standards/frameworks
- Operational roles within the energy industry, or experience working with CNI (desirable, not essential)
- Involvement with industry working groups e.g., ESIE, NCSC COI, Energy UK, ENA, with a focus on energy security and system resilience (desirable, not essential)
- Client-facing experience, including negotiation, advisory and coaching skills (internal or external) is desirable
Role Criteria
Essential
- Demonstrable experience in cybersecurity risk management, risk assessments and relevant methodologies (LEAD)
- Demonstrable experience using and applying security frameworks and/or technical standards e.g. NCSC CAF, NIST CSF, ISO 27K, CIS Controls, IEC/ISA 62443 to support practice (LEAD)
- We recognise that the security and technology/engineering industries have a wide range of qualifications that can support demonstration of competency. We highly value any relevant cyber/information security or engineering certifications, or the equivalent level of knowledge being demonstrated through comprehensive hands-on experience
- Experience of effective stakeholder management and participation in security improvement project / programme delivery
- Able to achieve and maintain SC clearance
Experience In:
- the Network and Information Systems Regulations 2018 (NIS Regulations) and the NCSC’s Cyber Assessment Framework and CAF collection
- A combined niche IT and OT security skillset or equivalent knowledge is highly desirable (but not essential)
- Involvement with industry working groups e.g., ESIE, NCSC COI, Energy UK, ENA, with a focus on energy security and system resilience (desirable, not essential)
- Prior operational roles within the energy industry, and/or experience working with CNI
We'll assess you against these behaviours during the selection process:
- Seeing the Big Picture
- Changing and Improving
- Making Effective Decisions
- Working Together
We'll assess you against these technical skills during the selection process:
- Please refer to the Candidate Pack and Role Profile attached for full details.
Ofgem can offer you a comprehensive and competitive benefits package which includes: 30 days annual leave after 2 years; excellent training and development opportunities; the opportunity to join the generous Civil Service pension which also includes a valuable range of benefits; hybrid working, flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), and upload a copy of your CV anonymising all details where necessary.
You will then be asked to answer 3 Technical Questions evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within these answers, how you meet each of the essential and desirable skills and capabilities.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Ofgem take any incidences of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This Job Is Broadly Open To The Following Groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
This vacancy is part of the Great Place to Work for Veterans initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job Contact :
- Name : Lucy Dowding
- Email : recruitment@ofgem.gov.uk
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Other, Information Technology, and Management
Industries
Utilities
- Location:
- Glasgow, Scotland, United Kingdom
- Salary:
- £80,000 - £100,000
- Category:
- Engineering