Chief Information Security Officer (CISO)


Job details

Job title: Chief Information Security Officer (CISO)
Ref: PMNNLCISO
Location: Warrington
Region: North West
Company: National Nuclear Laboratory
Salary: 65000.00-70000.00 GBP per year
Duration: 20 Years

The Role

The CISO is the champion of all aspects of Cyber Security and Information Assurance (CS&IA).

The CISO evangelises CS&IA within the business, ensures that CS&IA supports the business aims and leads the implementation of CS&IA controls relating to the company's assets, both within the company and with any partners.

The CISO reports directly to the Chief Information Officer (CIO).

Key Accountabilities

• Lead and manage the CS&IA Team.

• Monitor the competence of personnel and contractors engaged in CS&IA roles.

• Be an evangelist for CS&IA within the business and wider industry and initiate/support new business opportunities.

• Maintain a positive working relationship with the Office for Nuclear Regulation and the Nuclear Cyber Security Centre.

• Represent the company at all appropriate industry, government and general CS&IA forums, committees and conferences.

• Coordinate with other company Security personnel as required, and provide support to Security Liaison Officers and Information Asset Owners.

• Develop and enhance internal relationships with the business on behalf of the CS&IA Team and the wider IT department.

• Develop and maintain the CS&IA Strategy and Plan.

• Ensure CS&IA Aims and Objectives are aligned to those of the IT Department and the wider business.

• Develop and maintain CS&IA governance.

• Provide advice to business units on the secure design of solutions and projects.

• Ensure that CS&IA controls within new projects are proportionate, appropriate, cost effective and effective.

• Ensure that the company is compliant with all CS&IA requirements of applicable legislation.

• Ensure that the company maintains certification to ISO27001 and Cyber Essentials.

• Provide assurance to the Senior Information Risk Owner and wider Executive Management Team on the status of the CS&IA controls.

• Assure the delivery of CS&IA security controls (personnel, physical, procedural and technical) within the company and the supply chain.

• Provide accreditation to the company systems within the limits of delegated risk.

• Manage the Security Aspects Letter (SAL) process.

• Ensure that remedial actions are implemented in response to identified vulnerabilities.

• Ensure that the company, and particularly CS&IA practitioners, are aware of emerging threats and vulnerabilities.

• Develop and manage the CS&IA Risk Management Framework.

• Ensure that appropriate CS&IA Awareness training is provided to all staff and contractors/agency support workers.

• Lead the response to CS&IA incidents.

• Ensure the functional delivery of security defensive monitoring by the contracted Security Operations Centre (SOC).

• Plan and exercise for CS&IA resilience.

• Manage investigations into CS&IA breaches.

• Undertake the role of Partner Security Officer for the FOXHOUND/ROSA network.

• Act as Deputy Data Protection Officer with specific responsibility for the protection of personal data.

• Undertake the role of the company Communications Security Officer (ComSyO).

Essential Requirements

• A credible security professional with 10 years’ experience within information and cyber security

• CISSP

• CISM or C-CISO

• ISO27001 Lead Auditor or Lead Implementor

• NCSC Certified Professional, Senior Practitioner, SIRA

• Recognised GDPR Practitioner Course

• Experience of securing cloud environments

• Experience of managing security

• Demonstrable security leadership experience

• Good communication skills

• Good problem solver

• Experience of managing security requirements through project lifecycles

• Management of accreditation activities

• Experience of working in a highly regulated environment

Desirable Requirements

• Full Membership of IISP or Security Institute

• Post Graduate Degree in Information and Cyber Security discipline

• Recognised Cryptographic Materials Management Course

• Experience of securing operational technology

• CCSP

• Experience of delivering cyber security and information assurance within the civil nuclear industry

• Experience of managing security in the supply chain.

Additional information about the process

Capita Resourcing is the strategic resourcing business within Capita plc. We are the chosen provider of agency workers and permanent recruitment for the Nuclear Decommissioning Authority (NDA) collaborative framework, across nuclear sites and offices UK wide.

NuclearWorks welcomes applications from all suitably qualified people regardless of gender, race, disability, age or sexual orientation. NuclearWorks is a trading name of Capita Business Services Ltd. Services offered are those of an Employment Agency and Employment Business.
