Lead Business Resilience Specialist


Premium Job From Ofgem

Recruiter: Ofgem

Listed on: 27th May 2022

Location: United Kingdom

Salary/Rate: £56000 - £82830

Salary Notes: Outside London £56,000 - £76,962; London £60,000 - £82,830

Type: Permanent

Start Date: ASAP


Put resilience at the heart of our organisation as you contribute to our ground-breaking work

As the UK's regulator for the energy industry, Ofgem works on behalf of energy consumers to ensure that every household and business in the UK can rely on a safe, affordable and environmentally sustainable energy supply. That includes protecting the resilience of the UK national infrastructure. We also work hard to improve Ofgem's own business security, privacy and resilience, and are currently expanding our in-house cyber capability.

In this brand new role of Lead Business Resilience Specialist, you will provide assurance that Ofgem has adequate measures in place to respond effectively to adverse events and crisis scenarios. Your immediate focus will be cyber, but the strategies and approaches you develop will extend to the protection of people and processes. With the scope to set new priorities and working practices, and to shape your role and the team around you, there's potential to make a massive impact. Expect to engage at senior levels across Ofgem and within the wider public sector. You will also benefit from the support of our in-house cyber security profession.

We'll look to you to embed resilience in the way we do business. We're looking for someone who can act as a subject matter expert and professional role model for cyber security within Ofgem. You'll bring substantial experience of business continuity and business resilience, along with a proven ability to manage stakeholders across an entire organisation or network. As you will be starting from a clean slate, you need strong experience of developing plans, and negotiating support and commitment from others. You'll also have a strong track record of engaging, advising, influencing and communicating effectively at all levels.

Ofgem relies on having a workforce that reflects the society we serve, so we welcome candidates from all backgrounds, and especially those from underrepresented groups. While this is a full-time role, flexible working patterns and job shares are welcome. We will also support you with excellent training and development opportunities, plus a competitive benefits package.

Job description

This role will be part of the Cyber Security Profession at Ofgem, which has two main objectives:

Protecting Ofgem - Ensuring that Ofgem maintains appropriate levels of security, privacy, and resilience to protect our people, data, operations, and facilities from harm.

Protecting the UK National Infrastructure - Acting as Joint Competent Authority for implementing the NIS Regulations, to improve security and resilience in the Downstream Gas and Electricity sector.

The Lead Business Resilience Specialist's key responsibility is to provide assurance that Ofgem has adequate Business Resilience in place and can respond effectively to adverse events and/or crisis scenarios. The immediate focus is on Cyber, but strategies and approaches that are developed should recognise and facilitate potential expansion to other areas such as physical/buildings/people/personnel/processes, in due course.

The Lead Business Resilience Specialist will engage at senior and operational levels across Ofgem and with other professional colleagues spanning (but not limited to) Cyber, Data/DDaT, Corporate and lines of Business as required to ensure appropriate endorsement, input, and support to the programme of work at both a macro and granular level.

A key aspect of this post will be building and developing a new team as part of the wider Cyber profession, that encompasses and delivers:

The driving of Change across governance, delivery, and incident response spheres so that resilience factors, requirements, implications, needs, and mechanisms are properly embedded into both pipeline and legacy infrastructure and processes, with a focus on:

Resilience by Design

Assessment of Business Impact

Inherent and Residual Risk

Transparency and accountability of decision making

Continuous assessment and assurance

Increasing confidence in Ofgem's ability to respond to and recover from adverse events and/or crisis scenarios.

The determination, design, and maintenance of an overarching and holistic view of:

Ofgem critical systems and IT infrastructure

Relative Business criticality and recovery priorities

Recovery Point Objectives (RPO), Recovery Time Objectives (RTO), and/or other agreed DR requirements.

Pro-active provision of Subject Matter Expertise, with a strong understanding and experience of HMG Policies and Standards, and Industry good practice. The role will require holding appropriate qualification and certification and setting the strategy for team and organisational profession development and awareness relating to resilience.

Strong engagement and congruence with related teams including Security Operations and Advisory, Data Protection, DDaT, and lines of Business.

The Lead Business Resilience Specialist will formally report to the Head of Security, Privacy and Resilience but will largely be empowered to work independently as required to discharge their duties.

Responsibilities

The Lead Business Resilience Specialist's key responsibility is to provide assurance that Ofgem has adequate Business Resilience in place and can respond effectively to adverse events and/or crisis scenarios. The immediate focus is on Cyber, but strategies and approaches that are developed should recognise and facilitate potential expansion to other areas such as physical/buildings/people/personnel/processes, in due course.

Definition and delivery of a rolling programme of work encompassing:

Ownership, review and refresh of Resilience Policies and Processes

A wholesale review of Ofgem Resilience Governance and capability

Identification of, and engagement with, key stakeholders across all Ofgem Business areas, system owners, and subject matter experts. This will include alignment with activity already in train to increase definition of Information Assets so that there is a holistic and consistent view of Business Impact

Pro-active engagement with pipeline and legacy infrastructure and processes to ensure appropriate consideration and oversight of resilience

Production of an overarching and holistic view of:

Ofgem critical systems and IT infrastructure;

Relative Business criticality and recovery priorities;

Recovery Point Objectives (RPO), Recovery Time Objectives (RTO), and/or other agreed DR requirements.

Please see Candidate Pack for further details on the role and our Recruitment Process.
