You will be responsible for:
- Leading cyber security risk assessments, threat analysis and assurance activities, ensuring alignment with government standards, regulatory requirements and organisational risk appetite
- Providing expert advice to stakeholders on cyber security risks and mitigation strategies, enabling informed and auditable decision making
- Supporting and delivering the Cyber Security Audit & Assurance programme, including planning and leading audits, assessing controls and reporting findings
- Leading the development, implementation and continuous improvement of cyber security policies, standards and the Cyber Security Assurance Framework
- Working closely with commercial teams, suppliers and contract managers to embed security considerations throughout the procurement lifecycle and across the supply chain
- Leading supply chain security assurance activities, identifying risks and supporting the development of remediation plans with relevant stakeholders
- Communicating complex security concepts clearly to both technical and non-technical audiences, including senior leaders
- Monitoring compliance with security policies and contributing to the continuous improvement of governance and assurance processes
- Promoting security awareness and supporting the development of training and guidance to strengthen organisational capability
- Supporting the delivery of key security programmes, including CAF assessments, departmental security health checks and security testing activities
We are looking for an experienced cyber security professional with a strong background in governance, risk and compliance. You will have a proven ability to lead security-related activities or teams, and experience delivering assurance in complex organisational environments.
You will bring a deep understanding of cyber security principles and frameworks, including experience of conducting risk assessments, applying control frameworks such as ISO 27001/2, and delivering Cyber Assessment Framework (CAF) audits. Your experience will also include working with suppliers and managing security risks across the supply chain.
Your communication and influencing skills will be key to success in this role. You will be confident engaging with a wide range of stakeholders, translating technical risks into clear business impacts and helping stakeholders understand their responsibilities in managing security.
You will also have strong analytical skills, enabling you to assess both qualitative and quantitative information, develop evidence-based recommendations and support continuous improvement in security practices. Professional certifications such as CISSP or CISM will support your credibility and effectiveness in this role.
In addition, you will demonstrate the ability to operate at pace, make effective decisions in complex environments and contribute to a culture of collaboration and continuous improvement. Experience in areas such as security architecture, security operations or security awareness would be beneficial.
This is an opportunity to play a critical role in protecting Ofgem's systems, services and data. Your work will directly support the organisation's ability to operate securely, manage risk effectively and deliver better outcomes for energy consumers, at a time when cyber security has never been more important.