Summary
Job Description for the Head of Security and Architecture:
The Head of (Information) Security Consulting and Architecture is responsible to the Chief Information Security Officer (CISO) for leading, managing and delivering a range of customer‑focused, efficient and performant security services, providing appropriate advice, support and assurance that enables the success of our people (at home and work), business operations, corporate functions and Supply Chain.
The location for this role is flexible and can be based as either Risley or Workington.
Main Responsibilities for the Head of Security and Architecture:
* As a member of the CISO Function SLT, support the CISO in promoting the desired information security culture; ensuring the development and use of appropriately secure working practices and information systems.
* Engage UKNNL's leaders and managers, becoming a trusted advisor, part of their community and advocate for information security being a core component of achieving the UKNNL mission.
* Lead the Security Consulting and Architecture team in providing integrated, collaborative and professional information security advice and support across UKNNL, based on known risk appetite, current best practice and understanding of business needs and priorities. Including being aware of/meeting legal, regulatory and business needs.
* Enable delivery of a single point of contact for information security advice, support and assurance, ensuring requests are logged, triaged and resolved within agreed timescales; managing service delivery in line with the governance framework; and developing services based on lessons learned and customer needs.
* Work with UKNNL's business teams and enabling functions to manage operational information security risks/opportunities associated with business and IT change projects, ensuring effective and timely mitigation of risks aligned to CISO, SIRO and Board expectations.
* Work with IT leaders, to identify more efficient and effective ways of operating together, where closer alignment can deliver better customer outcomes and/or information security risk can be reduced.
* Continuously develop a portfolio of services to accommodate frequently asked questions relating to information security policies, procedures and guidance, so that UKNNL colleagues can self‑serve the help and support needed.
* Provide consistent information security advice, support and assurance for large projects, engaging with them from requirements capture; through solution design, implementation and testing; to operational use; avoiding rework; and ensuring solutions are appropriately secure by design and throughout their operational life.
* Act as a role model for CISO Function colleagues, working to UKNNL values, both within the Security Consulting and Architecture team, and the wider CISO Function.
Essential for for the Head of Security and Architecture:
* Demonstrable experience of leading small teams within organisations having similar characteristics to UKNNL (e.g. regulated organisations in the Nuclear Sector or other UK Critical National Infrastructure).
* Leads teams providing information security advice, support and assurance to individuals and projects, using effective processes to triage requests and prioritise their timely completion.
* Contributes to the development and implementation of Information Security Governance processes, including reporting dashboards designed to improve decision‑making and drive strategy delivery.
* Leads and contributes to the development of secure systems, proposing information security requirements for new systems or changes to existing systems – aligned to policies and standards.
* Understands a range of security vulnerabilities and the techniques for applying effective security controls, whilst ensuring sound use of architectural principles and systems engineering practices. Leads the development of operational risk assessments for projects (including procurement and sales activities), incorporating appropriate and effective risk mitigation into the project plans.
* Leads teams conducting compliance monitoring and/or the testing of prescribed security controls, resolving any identified non‑compliances or escalating unresolved issues as appropriate.
* Conceives and delivers business improvement through the application of Information Security; persuades senior stakeholders to invest in Information Security.
* Takes actions to achieve greater corporate efficiency, using strategic aims to prioritise and drive plans and influence management decisions and delivering maximum benefit for the organisation.
* Demonstrable experience of engagement and positive influence of leaders and business colleagues to achieve a good risk‑balanced outcome for the organisation.
#J-18808-Ljbffr