Principal Cyber Security Policy Expert

Job description

Ofgem works on behalf of energy consumers to ensure that every household and business in the UK can rely on a safe, affordable and environmentally sustainable energy supply. We are playing a vital part in accelerating the transition to Net Zero and a carbon neutral energy system - a goal that everyone wants to achieve. Whatever your role, you'll be playing your part in creating new energy solutions that are great for customers, and great for the environment.

Ofgem has a culture of inclusion that encourages, supports and celebrates the diverse voices and experiences of our colleagues. It fuels our innovation and helps ensure we can best represent the consumers and the communities we serve. Everyone is welcome - as an inclusive workplace, our employees are comfortable bringing their authentic selves to work.

This role will be part of Cyber Security Directorate at Ofgem which, acts as Joint Competent Authority ("CA") for The Security of Network & Information Systems Regulations ("NIS") and the Authority for Smart Energy Code ("SEC"). The team is focused on compliance and enforcement, as well as assisting operators in improving the cyber resilience posture in the Downstream Gas and Electricity sector ("DGE") in order to protect consumer's energy supply.

Purpose

• Operate as Ofgem's Cyber Policy expert, leading the development of mechanisms to drive continuous improvement within the DGE sector and wider Competent Authorities in the UK and Internationally.
• Be the focal point and expert in a multi-disciplinary team in a specific work area in the context of operating in a Professions and Flexible Resourcing model.
• Plan, oversee and deliver a set of work deliverables on time and to a high standard through effective project management and support of multidisciplinary team members.
• Provide inclusive corporate leadership, using your expertise to provide comprehensive knowledge sharing, support and development that demonstrate commitment to Ofgem values.

Person specification

Key Responsibilities:

Lead projects with high strategic impact, setting a strategy that can be used in the long term and across the whole organisation.

• Lead on Ofgem's cyber security strategic approach to improve cyber resilience across the DGE sector, providing expert input on policy, regulation and compliance.
• Shape strategic direction based on quantitative and qualitative data to support the creation of evidence-based policy.
• Provide policy leadership and thought leadership to technical and non-technical stakeholders, including senior internal and external stakeholders.
• Provide expert policy input on future policy development with DESNZ and DSIT. Leading engagement and influence on behalf of Ofgem.
• Lead Ofgem's engagement with other CAs in the UK and internationally.

To support the team deliverables, that utilise your expertise to ensure successful outcomes across team members and collaborating teams:

• Provide clear and transparent work objectives, milestones and success metrics in your area of expertise to oversee and co-ordinate successful team outcomes.
• Collaborate closely with other teams to manage interdependencies, risks and resourcing to support portfolio delivery.
• Where required, be jointly responsible with the PDL on welfare and pastoral care of all colleagues.
• Demonstrate effective diversity and inclusive team management within their team and the wider organisation.

Key Outputs and Deliverables

• Develop and maintain Ofgem's long term strategy to improving cyber resilience within the DGE sector. Taking an evidence-based approach which is integrated within existing governance structures.
• Lead engagement with DESNZ, DSIT and NCSC on future policy and more widely across other CAs within the UK and Internationally.
• Lead the development and implementation of future policy within Ofgem by utilising regulatory tools.
• Lead innovation and development of organisational policies, products, and methodologies to drive continuous improvement.
• Create and clearly communicate policy expectations to the DGE sector.
• Be an active member of the UK security community by sharing best practice across the DGE sector.

Support the development of a high-performing team based on effective resource management, ongoing support and professional development:

• Provide expert guidance to help team members deliver, by building supportive, inclusive team environment based on trust-based relationships, transparency and inclusivity.
• Takes ownership for own continued expert development and other team members' professional development relating to the role by:
• Identifying your own continued professional development.
• Providing ongoing coaching and identification of development opportunities.
• Provide advice and support for colleagues who are pursuing professional qualifications.

Essential Criteria

• Significant experience of government or organisational policy development and/or regulation and compliance. (Lead criteria)
• Experience of working in Cyber Security, preferably relating to Critical National Infrastructure and k nowledge of NIS Regulations, NCSC's CAF.
• Good understanding of risk management.
• Strong communication skills and the ability to demonstrate delivery whilst working with a diverse group of stakeholders.
• Able to achieve and maintain SC clearance.

Desirable Criteria

• Experience of working with Operational Technology ("OT") or Energy Sector.
• Certified in appropriate professional or Further Education qualifications such as CISSP, CISA, CISM, ISO 27001 Lead Auditor, GICSP, SA/IEC 62443.

Behaviours

We'll assess you against these behaviours during the selection process:

• Seeing the Big Picture
• Changing and Improving
• Making Effective Decisions

Technical skills

We'll assess you against these technical skills during the selection process:

• Please refer to the Candidate Pack and Role Profile attached for full details.

Benefits

Alongside your salary of £58,520, OFGEM contributes £15,800 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Ofgem can offer you a comprehensive and competitive benefits package which includes; 30 days annual leave after 2 years; Excellent training and development opportunities; The opportunity to join the generous Civil Service pension which also includes a valuable range of benefits; Hybrid working (currently 1 day a week in the office but is in review), flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window) , and will assess your Behaviours, Experience and Technical skills.

When you press the 'Apply now' button, you will be asked to complete personal details (not seen by the sift panel), your career history and qualifications.

You will then be asked to provide a 1250 word 'personal statement' evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential and desirable skills and capabilities.

The Civil Service values honesty and integrity and expect all candidates to abide by these principles. Ofgem take any incidences of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window) .

See our vetting charter (opens in a new window) .

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window) .

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.