Chief Information Security Officer (CISO)
National Nuclear Laboratory
65,000.00-70,000.00 GBP per year
The CISO is the champion of all aspects of Cyber Security and Information Assurance (CS&IA).
The CISO evangelises CS&IA within the business, ensures that CS&IA supports the business aims and leads the implementation of CS&IA controls relating to the company's assets, both within the company and at any partners.
The CISO reports directly to the Chief Information Officer (CIO).
• Lead and manage the CS&IA Team.
• Monitor the competence of personnel and contractors engaged in CS&IA roles.
• Be an evangelist for CS&IA within the business and wider industry and initiate/support new business opportunities.
• Maintain a positive working relationship with the Office for Nuclear Regulation and the Nuclear Cyber Security Centre.
• Represent the company at all appropriate industry, government and general CS&IA forums, committees and conferences.
• Coordinate with other company Security personnel as required, and provide support to Security Liaison Officers and Information Asset Owners.
• Develop and enhance internal relationships with the business on behalf of the CS&IA Team and the wider IT department.
• Develop and maintain the CS&IA Strategy and Plan.
• Ensure CS&IA Aims and Objectives are aligned to those of the IT Department and the wider business.
• Develop and maintain CS&IA governance.
• Provide advice to business units on the secure design of solutions and projects.
• Ensure that CS&IA controls within new projects are proportionate, appropriate, cost effective and effective.
• Ensure that the company is compliant with all CS&IA requirements of applicable legislation.
• Ensure that the company maintains certification to ISO27001 and Cyber Essentials.
• Provide assurance to the Senior Information Risk Owner and wider Executive Management Team on the status of the CS&IA controls.
• Assure the delivery of CS&IA security controls (personnel, physical, procedural and technical) within the company and the supply chain.
• Provide accreditation to the company systems within the limits of delegated risk.
• Manage the Security Aspects Letter (SAL) process.
• Ensure that remedial actions are implemented in response to identified vulnerabilities.
• Ensure that the company, and particularly CS&IA practitioners, are aware of emerging threats and vulnerabilities.
• Develop and manage the CS&IA Risk Management Framework.
• Ensure that appropriate CS&IA Awareness training is provided to all staff and contractors/agency support workers.
• Lead the response to CS&IA incidents.
• Ensure the functional delivery of security defensive monitoring by the contracted Security Operations Centre (SOC).
• Plan and exercise for CS&IA resilience.
• Manage investigations into CS&IA breaches.
• Undertake the role of Partner Security Officer for the FOXHOUND/ROSA network.
• Act as Deputy Data Protection Officer with specific responsibility for the protection of personal data.
• Undertake the role of the company Communications Security Officer (ComSyO).
• A credible security professional with 10 years’ experience within information and cyber security
• CISM or C-CISO
• ISO27001 Lead Auditor or Lead Implementor
• NCSC Certified Professional, Senior Practitioner, SIRA
• Recognised GDPR Practitioner Course
• Experience of securing cloud environments
• Experience of managing security
• Demonstrable security leadership experience
• Good communication skills
• Good problem solver
• Experience of managing security requirements through project lifecycles
• Management of accreditation activities
• Experience of working in a highly regulated environment
• Full Membership of IISP or Security Institute
• Post Graduate Degree in Information and Cyber Security discipline
• Recognised Cryptographic Materials Management Course
• Experience of securing operational technology
• Experience of delivering cyber security and information assurance within the civil nuclear industry
• Experience of managing security in the supply chain
Additional information about the process
Capita Resourcing is the strategic resourcing business within Capita plc. We are the chosen provider of agency workers and permanent recruitment for the Nuclear Decommissioning Authority (NDA) collaborative framework, across nuclear sites and offices UK wide.
NuclearWorks welcomes applications from all suitably qualified people regardless of gender, race, disability, age or sexual orientation. NuclearWorks is a trading name of Capita Business Services Ltd. Services offered are those of an Employment Agency and Employment Business.