Key Responsibilities

Leadership and engagement: Working alongside other functional leaders to engage leaders across Ofgem and our partners to promote shared awareness of how Ofgem should conduct business, whilst achieving appropriate and effective security, privacy and resilience.

Strategic direction: Supporting the definition of Ofgem's security, privacy and resilience requirements, translating them into recommended strategic options.

Intelligence analysis: Manage the routine assessment of threats affecting Ofgem, based on effective partnerships with the Security, Intelligence and Law Enforcement Agencies, other regulators and energy sector partners.

Asset and risk management: Manage the identification of critical assets (people, data, facilities) within Ofgem and our 3rd parties, analysing the risks associated with them, and capturing this information in a properly maintained risk register and action plan.

Driving risk reduction: Developing a consolidated set of requirements for risk mitigation, turning them into viable and prioritised risk mitigation plans. Routinely reviewing progress of mitigation activities versus the plans, ensuring these activities remain aligned to Ofgem's strategic priorities and consistent with our current threat and risk assessments.

3rd party management: Build effective working relationships, underpinned by commercial contracts and Memoranda of Understanding, to ensure 3rd parties manage risks consistent with our requirements, Cabinet Office policy, DPA 2018/GDPR, as well as other associated regulations.

Service delivery: Providing support for monitoring the performance of services delivered by 3rd parties or other Government organisations to ensure that they are being delivered within agreed levels of service and are delivering the desired security, privacy and resilience outcomes.

Being a role model for the security and data privacy community, modelling Civil Service values to foster and develop the profession across government.
Team Management - Manage a small team of Security Architects and Security Managers to deliver security assurance aligned with industry best practice.

Key Outputs and Deliverables

Maintain risk register - This assesses the security, privacy and resilience risks likely to affect delivery of business operations, the forward work plan and corporate functions. Manage all mitigating actions to reduce residual risk to acceptable levels, consistent with Ofgem's risk appetite for security, privacy and resilience.

Threat briefings - The main conduit for leaders and staff to be routinely briefed on strategic and tactical threats to Ofgem's security, privacy and resilience.

Manage change projects - In conjunction with colleagues, develop a control improvement strategy, programme and activities, which are then managed through to conclusion with security assurance oversight.

Value for money on cyber security assurance tools and services - Although not limited in scope, these would include penetration tests, vulnerability scans and remediation activities, provided either by Ofgem directly or by 3rd parties.

Review and countersign policies - Maintain security and privacy policies, reviewed and countersigned annually with the CISO.

Reporting - Regular reporting on key performance indicators and at governance meetings.

Person specification

Essential Criteria
- Chartered via the UK CSC or CISSP or equivalent (lead criterion).
- Deep technical understanding of IT infrastructure / software development and management of these components.
- Experience of engaging, advising and influencing at all levels of an organisation whilst projecting credibility and self-assurance, specifically relating to intelligence analysis and risk management.
- Experience of developing and implementing a pragmatic approach to assessing the security, privacy and resilience risks affecting sensitive assets, including engaging stakeholders to create shared understanding of the risks.
- Experience of managing the implementation of strategic plans, tracking progress on risk reduction and benefits delivery, and managing changes to plans in line with identified delivery risks and issues.
- Experience of negotiating and managing 3rd party contracts and acting as an intelligent customer, ensuring that security, privacy and resilience are negotiated into the agreed contract terms and conditions.

Desirable Criteria
- Experience of defining and gaining approval for a viable, agile and pragmatic security, privacy and resilience strategy capable of responding to and anticipating changes to the assessed threats, risks and business environment.
- Experience in analysing incidents across a complex environment.
- Experience of developing a business case for change that identifies the business benefits of a defined security, privacy and resilience strategy.

Please note SC clearance is required for this role. Information and eligibility guidance can be found here: SC - Guidance Pack for Applicants - GOV.UK

Behaviours

We'll assess you against these behaviours during the selection process:
- Seeing the Big Picture
- Making Effective Decisions
- Leadership
- Delivering at Pace

Benefits

Alongside your salary of £61,446, Ofgem contributes £17,800 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Ofgem can offer you a comprehensive and competitive benefits package which includes: 30 days' annual leave after 2 years; excellent training and development opportunities; the opportunity to join the generous Civil Service pension, which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office, but this is kept under review), flexible working hours and family-friendly policies.
Plus lots of other benefits, including clean and bright offices based centrally, engaged networks and teams, and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

When you press the Apply now button, you will be asked to complete personal details (not seen by the sift panel) and upload a copy of your anonymised CV. You will then be asked to provide a 1250-word personal statement evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential and desirable skills and capabilities.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. You must ensure that any evidence submitted as part of your application or used during interview, including your CV and any statements or examples, is truthful and factually accurate. Ofgem takes any incidences of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process. Please note that plagiarism can include presenting the ideas and experiences of others, or content generated by artificial intelligence, as your own.
Please refer to Civil Service candidate advice on the acceptable use of artificial intelligence within the recruitment and selection process: Artificial intelligence and recruitment, Civil Service Careers.

The personal information we have collected from you will be shared with Cifas, who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.
Nationality requirements

This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants
Job contact: Jamie Wright, recruitment@ofgem.gov.uk
Recruitment team: recruitment@ofgem.gov.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission's Recruitment Principles. You have the right to complain if you feel there has been a breach of these Recruitment Principles. In the first instance, you should raise the matter directly via recruitment@ofgem.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission, please visit their website.

Attachments
- Candidate Pack_Head of Security Assurance (pdf, 806kB)
- Role Profile_Head of Security Assurance (pdf, 114kB)
- Terms and Conditions April 2025 (pdf, 335kB)