Head of Security, Privacy and Resilience
Ofgem, the Office of Gas and Electricity Markets, is seeking a proven cyber security leader for the newly created Deputy Director position of Head of Security, Privacy and Resilience.
Ofgem are a non-ministerial government department and an independent National Regulatory Authority. Our principal objective is to protect the interests of existing and future electricity and gas consumers. Our operations and the services we provide are critically dependent on creating, collating, analysing and sharing information to enable us, consumers and energy suppliers to derive value from it. In today’s connected world, such information is also valuable to competitors, criminals and hostile governments.
We seek an innovative, dynamic and highly motivated security leader with experience of operating across the public and private sectors, ideally with experience of the gas and electricity sectors or critical national infrastructure, to fulfil a challenging but rewarding position, working across UK Government Departments and with senior stakeholders in Ofgem and industry.
The Head of Security, Privacy and Resilience is a critical and highly important new position within the organisation, taking direct responsibility for devising and driving effective security strategies both internally within the department and externally in a highly visible role to industry. This will include:
- Ensuring robust internal information security and privacy strategies are in place and implemented effectively to protect the organisation from multiple cyber threats;
- Balancing the risks and costs associated with mandating, implementing and maintaining adequate levels of security and resilience, whilst continuing to enable the wider business and IT agendas;
- Securing Ofgem, keeping staff and facilities safe, protecting them from any potential harm caused by criminal and terrorist acts or natural disasters.
In addition, you will ensure:
- Compliance with the new NIS (Network and Information Systems) regulations for Operators of Essential Services (OES), ensuring a risk-based approach is taken with due consideration for wider interests;
- The confidentiality, availability and integrity of information Ofgem processes and Ofgem’s information that is processed by others, including ensuring compliance with the Data Protection Act 2018 and the EU GDPR;
- The security and resilience of Ofgem’s people, IT systems, business operations and facilities.
The Head of Security and Resilience will need to establish lasting, effective and proactive working relationships with key stakeholders, including counterparts at DCMS, the Cabinet Office, NCSC, CPNI, NCA and BEIS, that combine business, technical and security disciplines at local, national and international levels.
Specific skills and capabilities
- Substantial Central Government and/or industry experience in a combination of business and risk management, information security, IT services and operational security positions.
- Direct experience in leading the definition and delivery of a robust and wide-ranging security and privacy strategy.
- Relevant skills and experience in:
  - Operating in an IT/IS/OT environment, specifically related to managing the security of critical systems;
  - Operational Technology and/or Control Systems;
  - Operating in a regulated environment.
- Knowledge and understanding of critical national infrastructure (CNI) in the energy sector, the technologies used and the security measures available.
- Proven transformation programme experience, ensuring agile and collaborative working practices are communicated and adopted effectively across the enterprise.
- Proven experience of working with strategic vendors and partners to deliver high impact and fit-for-purpose results.
- Knowledge across relevant information security and privacy management frameworks and legislation, such as NIST, the NIS Regulations 2018, ISO/IEC 27001, ITIL, COBIT, Data Protection Act 2018 (GDPR).
- Proven experience in a senior security leadership position with significant Board / Senior Civil Servant exposure and experience.
- Professional security certifications, such as CISSP, CISM, ISO 27001, SANS GICSP, CRISC or other similar credentials.
- Experience of collaborating with the security, intelligence and law enforcement agencies.
- Knowledge and understanding of security provisions for smart meters.
- Knowledge of the IEC 62443 series in critical infrastructure.
- Experience of conducting regional workshops and awareness sessions.
- Educated to Degree level or equivalent in an engineering or technology-based discipline.
Whilst there are several essential requirements for applicants to consider, as important is a genuine desire to add tangible value as a Civil Servant and embrace Ofgem’s core mission and business objectives. This is a highly visible role, and we are seeking someone with the gravitas and vision to drive the strategy and build a cyber security function of 20+ people over the next few years. The position will give the incumbent significant access to senior cyber security SMEs across government and the CNI sector and reports directly to the senior leadership team within Ofgem.
If you are interested in the position, please send the following for consideration:
- a copy of your CV
- a statement of suitability describing how you best meet the skills, experiences and competencies required for the role (limited to two sides of A4)
Applications will close at 9am on Monday 24th September 2018.