Band 2 Cyber Security and Information Assurance Inspector

Job description

The Opportunity
As part of its 2025 strategy ONR is committed to being a modern and transparent regulator, delivering trusted outcomes and value. We are making substantial investments in new digital technologies and skills to enhance our regulatory processes and management of information.

The Office for Nuclear Regulation regulates all aspects of security for civil nuclear materials and sensitive nuclear information in the United Kingdom. We regulate against our outcome focused Security Assessment Principles in accordance with the Nuclear Industries Security Regulations 2003. ONR also supports the development and improvement of good practice for nuclear security both domestically and internationally.

ONR also regulates the transport of nuclear and radioactive materials by road, rail, air, and inland waterways, and as of January 2021 operates the UK’s State System of Accountancy for and Control of Nuclear Materials (SSAC) and a domestic safeguards regime.
The Role Job Purpose/Key Responsibilities
The role of the Cyber Security & Information Assurance Inspector is to deliver security regulation across the civil nuclear industry to ensure that it manages cyber security and information risks appropriately and effectively. This is achieved primarily through:

• Assessment of duty holders’ cyber security arrangements to provide confidence that risks are being adequately managed.
• Undertaking regulatory inspections with duty holders to ensure the effective implementation of technical cyber security controls to protect information technology, operational technology, and sensitive nuclear information.
• Conducting inspections of facilities across the nuclear supply chain to ensure information security risks are effectively managed.
• Contributing to the development of regulatory policy and influencing the development of good practice both nationally and internationally.
• Liaison with other regulators (including those in security and safety disciplines) and various Government security and intelligence agencies, including the co-ordination of the sector’s response to high profile cyber security events and incidents.
• Representing ONR at security events and meetings, such as those organised by the International Atomic Energy Agency, the World Institute for Nuclear Security, the UK Cyber Security Council, and those organised directly by the UK Nuclear industry.

In addition to the responsibilities identified above, inspectors recruited to a Band 2 role are expected to:

• Apply your breadth and knowledge of ONR’s purpose and regulatory framework to challenging regulatory scenarios whilst making effective regulatory decisions on limited information with minimal management oversight.
• Lead multidisciplined teams to deliver a wide range of regulatory interventions whilst being proportionate and in line with the regulators code and the enforcement policy statement.
• Communicate concisely and effectively with a broad range of stakeholders, including Government, Non-Governmental organisations, other regulatory bodies, and duty holders.
• Exhibit good leadership behaviours, by being supportive, compassionate, collegiate, and fair, embracing diversity and inclusion, and assisting with the development of less experienced staff though mentoring and coaching or as a CDM.

Whilst it is expected that some time will be needed for an external candidate to develop a full understanding of ONR’s regulatory framework and underpinning policies and guidance, their experience relating to cyber security, and preferably a regulatory environment, should enable them to effectively lead a team of cyber security inspectors and regulatory engagements promptly upon commencement of role.

Training to expand and deepen knowledge and experience in specific nuclear, cyber security, information assurance and regulatory topics will be given throughout the successful candidate’s career, however successful applicants will already have significant demonstrable experience in the field.

As experience of regulating nuclear security increases, further promotion opportunities may be available.
Line Management Responsibilities
• Required to manage a small team of cyber security inspectors in line with the team structure and assigned areas of responsibility.
Work with Us
Our colleagues are from all walks of life with varied personal experiences and career journeys into ONR. We want the best people for our roles. As an inclusive employer we value individuals’ contributions , regardless of their age, gender, race, ethnicity, disability, sexual orientation, social background, religion, or belief. Our values ‘supportive, open-minded, fair and accountable’ are central to this. We invest in our people to build capability, resilience, and promote wellbeing in our great teams, underpinned by our inherent focus on inclusion and excellence
What You will Need Essential Qualifications
We expect all Cyber Security & Information Assurance Inspectors to:

• Hold a relevant qualification (for example, an NCSC certified degree, or Level 6 qualification or higher in a Cyber Security or Information Security related discipline).
• Hold Full Professional Membership and or Chartership of an appropriate professional body (e.g., ChCSP, CNS S P, MBCS, MCIIS or MSyI).

Applicants who feel they possess equivalent experience, qualifications and/or professional memberships are invited to apply, however must clearly evidence how their background and skills meet these expectations.
Essential Skills / Experience
To be effective, the candidate will require a breadth and depth of expertise and skills in technical areas (such as cyber defence, detection, response, and recovery); and a firm understanding of personnel/procedural areas (such as leadership and management, culture, and competence) related to information risk management and cyber security. This is likely to include:

• Extensive understanding of the principles, processes and challenges of information risk management and its practical application in a nuclear or high hazard environment.
• Knowledge of current cyber threats and technical security vulnerabilities.
• Application of Government protective security procedures and making balanced judgements on adequacy.
• Proficiency at managing security risks in a regulated environment.
• Leadership in the assessment of cyber security arrangements, including the conduct of audits, assurance activities and/or compliance inspections.
• Delivery of concise, accurate, high quality written reports to tight deadlines.
• Proven effective judgement and decision-making skills, including an understanding of strategic impact, gathering, and analysing relevant information, evaluating options, applying logical reasoning, and making effective and proportionate risk-based recommendations.
• Being open and communicative through the ability to demonstrate highly articulate verbal and written communication skills, including the ability to present complex technical matters to a non-expert audience.
• Demonstrable strong influencing skills and an ability to persuade by working collaboratively and flexibly with all stakeholders, showing appropriate interpersonal sensitivity, self-awareness, and assertiveness.
• Evidence of managing projects through sound planning, prioritisation, and timely delivery of work to very high standards.
• Evidence of effective and professional behaviours throughout delivery of roles.

Person Specification
ONR is committed to being an inclusive employer and we welcome and encourage applications from all applicants. We will make reasonable adjustments and adaptations to ensure the recruitment process is inclusive and barrier-free. For example, providing job descriptions in alternative formats, and providing communication support and accessible venues. If you would like to discuss how we can support you, please contact ( [email protected]/ or 0203 028 0133 / 0203 028 0120) who will be able to provide further information and discuss any reasonable adjustments you may need during the recruitment process. We will offer an interview to disabled people who meet the minimum criteria for the role. Applicants also have the choice to opt into our Guaranteed Interview Scheme when completing their application where we will offer an interview to disabled people who meet the minimum criteria for the role.

ONR recognises it has a role to play in helping those leaving the Armed Forces (veterans) and have introduced a Guaranteed Interview Scheme for veterans. This is part of a Government initiative known as the ‘Great Place to Work for veterans. Veterans are officially defined as anyone who has served for at least one day in His Majesty’s Armed Forces (Regular or Reserve). All veterans who meet the minimum critera for a role will be invited to interview and they have the choice to opt into this scheme when completing their application. To be eligible to apply for roles under the initiative, veterans must meet certain eligibility criteria below;

• have served for at least one year in His Majesty's Armed Forces (as a Regular or Reserve)
• be in transition from, or ceased to be a member of, His Majesty’s Armed Forces; and
• not already be employed by ONR

Security Clearance
The successful candidate must hold or achieve and retain National Security Vetting clearance at SC level.
Location / Travel
This post may be undertaken from a base at any one of ONR’s office locations (Bootle, Cheltenham, or London).

This post requires some travel including overnight stays predominantly across the United Kingdom and occasionally abroad.

The successful applicant requires a full driving licence which permits the holder to drive in the UK unless reasonable adjustments can be made under the Equality Act 2010

ONR operates hybrid working (working in the office and / or at home) as part of our flexible working policy. There is an expectation that everyone will spend some time in the office on a regular basis, recognising that some work is better done face to face. Managers will collaborate with their teams on what works best to meet individual, team, business and organisational needs to enable collaboration, as well as balancing personal choice and wellbeing.
For Further Information
For more information about this vacancy please contact the Professional Lead for Cyber Security, Paul Shanes

Email - [email protected]
How to Apply
Please submit your application through the recruitment portal.

The closing date for receipt of applications is Thursday 16 May at 23:45

This advert will remain open until we have filled the advertised role. We reserve the right to withdraw this advert at any time.

Your application should include:

• CV to include a full record of your education and professional qualifications and a full employment history.
• A suitability statement (maximum of 800 words) highlighting how you meet the “essential skills and experience” required for the role, which will be used at shortlisting in conjunction with your CV.
• Where applicable highlight if you have any experience under ‘desirable skills and experience’ within the application form.

Throughout our selection process, we will make decisions based on evidence you provide. If you are shortlisted, you will be invited to a technical/competency-based interview.

Important guidance when providing CV’s – please upload text-based CVs with no graphics or pictures to ensure the anonymisation function works correctly.

Please note - if whilst completing your application, you use special characters such as (‘ ; “ - _ * ) within your examples, Hireserve will convert these characters into symbols. We are currently unable to change this.

Whilst these examples will appear on your application, this will not prevent it from being reviewed at the shortlisting stage.