Job Summary:

Stand at the forefront of cyber resilience in Britain's energy sector. Ofgem is looking for a Regulatory Cyber Assurance Principal to join us and lead the charge in challenging and strengthening the security of the nation's most critical infrastructure.

Ofgem is Great Britain's independent energy regulator. We're at the forefront of change across the energy sector, driving toward Net Zero whilst protecting energy consumers - especially vulnerable people.

We're offering a permanent position where you'll operate at the sharp end of cyber risk assurance for the UK's Downstream Gas and Electricity (DGE) sector. You'll be making sure our cyber security and systems across the industry are in top shape and compliant with regulations.

This is a rare opportunity to apply your cyber expertise at the strategic heart of national resilience. As the lead for cyber assurance, you'll guide essential service providers through complex cyber compliance requirements while helping to shape the regulatory frameworks of tomorrow. You'll be a thought leader, with the authority to challenge, influence, and set the pace for improvements across a fast-evolving threat landscape.

We're looking for someone with a deep understanding of cyber security in Operational Technology and Critical National Infrastructure environments, who can navigate regulatory frameworks, technical security controls and business-level decision making with confidence. You'll be a strong, credible leader with technical cyber security experience that focuses on inspections, audits or strategic engagement.

At Ofgem, you'll join an inclusive, expert team that is collaborative, mission-led and respected across industry. We offer hybrid working, excellent pension and leave benefits, and the chance to contribute to one of the most important public policy missions of our time.
You'll also have the scope to lead innovation, shape how cyber resilience is tested, and work alongside some of the most skilled professionals in the UK cyber community. We have a critical purpose to assure and strengthen the cyber resilience of the UK's energy infrastructure, and your leadership will have both national impact and global visibility.

Job Description:

Purpose

- Operate as Ofgem's Cyber Assurance expert, providing cyber assurance, engagement and advice across Operators of Essential Services (OES) with high strategic impact to GB critical national infrastructure.
- Provide leadership on assurance to the DGE sector regarding compliance to the NIS regulations.
- Assess and make expert determinations on compliance with the NIS regulations.
- Provide expert advice regarding enforcement actions where NIS regulations have been breached.
- Plan, conduct, oversee and deliver a set of inspections, audits and tests in line with the NIS regulations.
- Provide inclusive corporate leadership, using your expertise to provide comprehensive knowledge sharing, support and development that demonstrate commitment to Ofgem values.

Key Responsibilities:

- Provide expert advice and guidance to the DGE sector on the compliance with the NIS regulations and ensuring through inspections, audits and testing that OES maintain compliance.
- Using expertise in cyber security and cyber regulation to drive cyber resilience improvements across the DGE sector by developing and improving on inspection frameworks.
- Design, Implement and Improve processes to deliver auditing processes against the NIS regulations To support the team deliverables, that utilise your expertise to ensure successful outcomes across team members and collaborating teams
- Provide clear and transparent work objectives, milestones, and success metrics in your area of expertise to oversee and co-ordinate successful team outcomes.
- Collaborate closely with other teams to manage interdependencies, risks, and resourcing to support portfolio delivery.
- Where required, be jointly responsible with the PDL on welfare and pastoral care of all colleagues.
- Demonstrate effective diversity and inclusive team management within their team and the wider organisation.

Key Outputs and Deliverables

- Engage with Operators of Essential Service on assurance plans and activities.
- Conduct onsite NIS inspections or audits against operators of essential service and create quality reports.
- Review reporting, including key performance indicators, and act as key decision-maker for the delivery of Technical Security test services against requirements.
- Ensure alignment with government and industry objectives and standards and liaise with senior stakeholders on how these can be met.
- Create and provide expert analysis of the sector's and subsectors' performance in relation to the NIS regulations based on inspections, audits and tests conducted.
- Be an active member of the UK security community by sharing best practice (e.g., cyber resilience, NIS Regulations, cyber policy) for the sector, in a consultative manner with OES, BEIS, HSE and NCSC, and contribute to wider meetings with other CAs, CEER, ACER, DCMS and BEIS.
- Provide cyber policy expertise and oversight to the Enforcement process, ensuring production of quality documents, methodology, reporting, and consulting on assurance activities such as Security Testing.
- Effectively communicate recommendations to the Advisory, Standards and Enforcement teams based on expert judgement and understand and use regulatory tools to drive improvements.
- Lead innovation and development of organisational policies, products, and methodologies to drive continuous improvement.
- Leverage cyber intelligence (threats, vulnerabilities, controls, and incidents) to maintain an understanding of threats to the sector and utilise lessons learnt in engagements with OES and to drive process improvements.
- Act as the go-to expert and coach for junior members of the team.
- Deliver and support NIS Inspector training.
- Support the development of a high-performing team based on effective resource management, ongoing support, and professional development.
- Provide expert guidance to help team members deliver, by building a supportive, inclusive team environment based on trust-based relationships, transparency, and inclusivity.
- Promotes the development of individuals against the career framework.
- Takes ownership for own continued expert development and other team members' professional development relating to the role by:
  - Identifying your own continued professional development.
  - Providing ongoing coaching and identification of development opportunities.
  - Providing advice and support for colleagues who are pursuing professional qualifications.

Ofgem can offer you a comprehensive and competitive benefits package which includes: SCS1 holiday entitlement; excellent training and development opportunities; the opportunity to join the generous Civil Service pension, which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office but this is kept under review), flexible working hours and family friendly policies. Plus, lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

Essential Criteria:

- Expertise in cyber security, evidenced through an appropriate professional qualification such as CISSP, CISA, CISM, ISO 27001 Lead Auditor, GICSP, ISA/IEC 62443 Cybersecurity Expert, relevant degree or relevant industry experience.
Experience of any of the following:

- Expert in understanding cyber risk assessments and methodologies in relation to OT and IT of Critical National Infrastructure environments, and the application of appropriate and proportionate controls across people, process, and technology to mitigate risk.
- Practitioner in advising on the implementation of cyber regulation and policy, promoting good security practice within the sector.
- Proven client-facing experience with strong negotiation, advising and coaching skills across a wide range of cyber security best practices, cyber risk assessment and cyber regulation.
- Proven experience of inspecting, auditing, or testing with an information security role.
- Extensive experience working collaboratively with diverse colleagues.
- Have experience in the process of developing and managing a range of options and decisions that aligns with your organisation's priorities.
- Able to hold and maintain SC Clearance