Principal security specialist

Glasgow (Glasgow City)
Ofgem ECO Reporting Working Group
Security specialist
€100,000 - €125,000 a year
Posted: 31 May
Offer description

We especially welcome applicants from Glasgow and Cardiff.

Job Summary

Are you someone that thrives on tackling complex security challenges and driving impactful change?

Ofgem is Great Britain’s independent energy regulator - a critical role that puts us at the forefront of cyber security, ensuring public data is safe and secure and that we set the standard for the energy industry. We’re looking for a Principal Security Specialist (IT/OT) to join and lead the design, assessment, and implementation of innovative security solutions and associated guidance aimed at protecting critical systems. This work aligns with our core mission: to deliver a fair, sustainable, and secure energy future.

This is a permanent role within our Cyber Guidance & Monitoring (G&M) team, which sits within Ofgem’s Cyber and AI Directorate. The G&M team focus on ensuring resilience is built into systems run by energy operators who control the UK’s energy infrastructure. We do this as part of our role as Joint Competent Authority (“CA”) for the Network and Information Systems Regulations 2018 (“NIS Regulations”). We provide 1-2-1 and sector-wide advice and guidance to operators throughout their security journeys, seeking to build greater collective industry resilience. We are very fortunate to be able to help influence and shape the security and resilience of a whole sector (specifically, the Downstream Gas and Electricity sector).

As an expert in the field, you’ll lead high-profile security improvement projects, engaging with a wide range of internal and external stakeholders to shape security posture, implementing best practice in line with National Cyber Security Centre (NCSC) guidance. This is a chance to be at the forefront of innovation and meaningful change, championing secure by design principles and influencing digital strategies that benefit millions. This role provides a rare opportunity to combine technical expertise with strategic leadership – and it’s an exciting time to join us!

At Ofgem, we offer more than just a job – we provide a supportive and flexible working environment designed to help you thrive. With hybrid working arrangements, newly refurbished offices in central London, Glasgow, or Cardiff, and a generous rewards package that includes excellent professional learning and development opportunities (including access to potential higher education funding – subject to review), you’ll find everything you need to excel both professionally and personally.

For further details on the role and on our hybrid working arrangement, please read the candidate pack and other documents below.

Job Description

Key Responsibilities:

We are looking for someone who can:


* Apply existing knowledge of cyber security engineering and IT/OT security best practice to support operators of essential services (OES) in adhering to cyber-focused regulatory requirements.
* Use existing experience and knowledge of security risk management to identify areas for improvement – both for individual operators we regulate, and sector-wide – in order to advance overall security maturity and resilience.
* Recommend pragmatic risk-based security solutions to be adopted by the operators we regulate to manage security risk across essential services, in line with UK Government’s cyber security strategy.
* Use excellent communication and stakeholder management skills to effectively work with a broad range of external organisations (across industry and our partners). Look to understand their needs and any security challenges.
* Monitor progress for sector-wide and individual security improvement projects (where necessary).
* Using your prior understanding and/or knowledge of relevant security frameworks, such as the NCSC Cyber Assessment Framework, assess the overall maturity of the sector.
* Use your ability to influence to engage on delivering security outcomes, driving good behaviours, and where necessary, make recommendations for program or process improvements in line with the NIS Regulations.
* Provide security subject matter expertise to operators of essential services (OES) on the delivery and development of new or changed infrastructure projects that are of high strategic importance to GB critical national infrastructure.
* Provide security subject matter expertise in support of wider projects across the Cyber and AI Directorate, and where appropriate, to wider Ofgem functions. Raise awareness and influence related workstreams and project teams to support wider energy systems resilience aims.
* Using your expertise, facilitate wider knowledge-sharing and development both within the Guidance and Monitoring team and the broader Cyber and AI Directorate.
* Continually demonstrate adherence to Ofgem’s values in all that you do.

Key Outputs and Deliverables

As a lead member within the directorate, we want you to use your knowledge, understanding, and experience of cyber security practice to:

* Plan, oversee and deliver a set of clear and transparent work deliverables on time and to a high standard through effective stakeholder management, project management, and resource management.
* Support the development and maintenance of a repository of recognised cyber security practice for use internally by the cyber regulatory team or externally with organisations whom Ofgem regulate for management of security risk to network and information systems.
* Continually review and assess threats affecting the sector, based on an understanding of the wider threat landscape as well as the security posture held by organisations across the DGE sector.
* Review the cyber security measures taken by regulatees, identifying key challenges faced by the sector, collaborating with stakeholders and regulatees to develop effective mitigation strategies to counter these challenges, and building resilience in line with guidance provided by the UK’s Technical Authority, the National Centre for Cyber Security (“NCSC”).
* Use applied security and engineering expertise to identify key security risks to energy infrastructure solutions comprising IT, OT and IIoT technologies used to provide or sustain essential services across the DGE sector.
* Develop and maintain guidance for external organisations (primarily OES), to support the improvement of cyber resilience for the sector.
* Facilitate effective information sharing within Ofgem and across the DGE sector focused on accelerating sector-wide implementation of cyber security best practice.
* Adjust your communication style to ensure stakeholders gain a firm understanding of relevant security expectations and their respective responsibilities in line with Government (cyber security) strategy. Develop an understanding of Government’s strategic direction for cyber resilience within the energy sector by collaborating closely with the Department for Energy Security and Net Zero (“DESNZ”) as the joint CA and engaging with key stakeholders interested in energy (cyber) security for the sector.
* Provide expert guidance to help team members deliver, by building a supportive, inclusive team environment based on trust-based relationships, transparency and inclusivity.

Person specification

Essential Criteria

* Experience in a leading role delivering technical security risk management and security improvement plans is essential. (Lead criteria)
* Demonstrable experience of effective stakeholder management and ability to communicate technical concepts to a non-technical audience.
* Task management and project and programme delivery to apply security frameworks and/or technical standards (e.g. NCSC CAF, NIST CSF, ISO 27K, CIS Controls, IEC/ISA 62443) to support development of organisational capability and practice.
* Able to achieve and maintain SC clearance.
* Willing to help and mentor junior cyber security practitioners and help develop our team.

Behaviours

We'll assess you against these behaviours during the selection process:

* Seeing the Big Picture
* Changing and Improving
* Making Effective Decisions
* Communicating and Influencing

Technical skills

We'll assess you against these technical skills during the selection process:

* Please refer to the Candidate Pack and Role Profile attached for full details.

Alongside your salary of £61,446, OFGEM contributes £17,800 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Ofgem can offer you a comprehensive and competitive benefits package which includes: 30 days annual leave after 2 years; excellent training and development opportunities; the opportunity to join the generous Civil Service pension, which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office but this is kept under review), flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), your career history and qualifications.

You will then be asked to provide a 1250 word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential and desirable skills and capabilities.

Please note there may be a second interview stage for this role.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. You must ensure that any evidence submitted as part of your application or used during interview, including your CV and any statements or examples, are truthful and factually accurate. Ofgem takes any incidences of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process. Please note that plagiarism can include presenting the ideas and experiences of others, or generated by artificial intelligence, as your own.

The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.

People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This Job Is Broadly Open To The Following Groups

* UK nationals
* nationals of the Republic of Ireland
* nationals of Commonwealth countries who have the right to work in the UK
* nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
* nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
* individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
* Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

This vacancy is part of the Great Place to Work for Veterans initiative.

The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact

* Name : Jamie Wright
* Email : recruitment@ofgem.gov.uk

Recruitment team

* Email : recruitment@ofgem.gov.uk


* Seniority level: Mid-Senior level
* Employment type: Full-time
* Job function: Other, Information Technology, and Management
* Industries: Utilities
