Cyber Regulation Lead

As Great Britain's regulator for the energy industry, Ofgem exists to ensure a safe, secure and sustainable energy supply to British households and businesses.

We are seeking a number of Cyber Regulation Lead with experience in cyber security and the energy sector to play a pivotal role in protecting energy consumers. You will operate within the Cyber Directorate and profession.

You will have significant experience in cyber security preferably relating to Critical National Infrastructure. As an experienced leader, you'll have extensive knowledge of NIS regulations and NCSC's Cyber Assessment Framework, hold fantastic communication and leadership skills and be able to achieve and maintain SC clearance. Ideal candidates will preferably possess qualifications, obtained through professional development or further education such as CISSP, CISA, or CISM.

Due to our team's rapid growth, we're looking to fill various roles under this position. These roles inhabit the same core responsibilities, but there are variations within the wider responsibilities attached to the roles. 

Core Responsibilities

• Leading activities across the Cyber Regulation Team.
• Working collaboratively with teams across the organisation to ensure the delivery of our responsibilities align with the Regulator's Code.
• Proven record of leadership skills and ensure benefits for energy consumers' needs.

Under a Cyber Assurance Role, you'll lead industry support for cyber resilience to protect consumers. You'll conduct audits with meticulous precision to support the ongoing process of improvements and approach for the assurance programme.

Within a Cyber Policy Role, you'll develop Ofgem's cyber security policies in collaboration with The Department for Energy Security and Net Zero, lead policy implementation, be at the forefront of scanning for future challenges and support sector research and innovation.

In a Cyber Investment-based role you will ensure that consumer money is spent with intention and will hold organisations accountable for their plans. You will deeply analyse industry investments and distinguish when investment is appropriate.

Positioned within the Cyber Guidance and Motioning role you will monitor the energy sector's cyber security approach, build strong relationships with regulators and be an outstanding team player, providing constructive feedback to the industry on their plans to enable cross-sector collaboration.

Ofgem has a culture of inclusion that encourages, supports and celebrates the diverse voices and experiences of our colleagues. As an inclusive workplace, our employees are comfortable bringing their authentic selves to work.

#LIRemote

Ofgem works on behalf of energy consumers to ensure that every household and business in the UK can rely on a safe, affordable, and environmentally sustainable energy supply. We are playing a vital part in accelerating the transition to Net Zero and a carbon neutral energy system - a goal that everyone wants to achieve. Whatever your role, you'll be playing your part in creating new energy solutions that are great for customers, and great for the environment. 

Ofgem has a culture of inclusion that encourages, supports, and celebrates the diverse voices and experiences of our colleagues. It fuels our innovation and helps ensure we can best represent the consumers and the communities we serve. Everyone is welcome - as an inclusive workplace, our employees are comfortable bringing their authentic selves to work.  

This role will be part of Cyber Security Directorate at Ofgem which, acts as Joint Competent Authority ("CA") for The Security of Network & Information Systems Regulations ("NIS") and the Authority for Smart Energy Code ("SEC"). The team is focused on policy, compliance and enforcement, as well as assisting operators in improving the cyber resilience posture in the Downstream Gas and Electricity sector ("DGE") in order to protect consumer's energy supply. 

Purpose 

• Protect energy consumers by working with the industry and other key stakeholders to drive improvements in cyber and security resilience across the energy sector.  

Key Responsibilities, Outputs and Deliverables  

• There are a number of roles that we are seeking to fill through this recruitment process. There are some core responsibilities that are applicable to all and additional responsibilities that will vary depending on the role the applicant is assigned to. We are passionate about upskilling and offering opportunities to our teams for professional and personal development across the profession of Cyber and can be flexibly deployed across different teams and projects. Personal growth is key at Ofgem, and being self-motivated and driven in your role can open opportunities for you. We will seek input from applicants at interview stage about their preferences for their initial deployment.  

Core Responsibilities:  

• Work collaboratively with colleagues from across Ofgem, and externally, to ensure the delivery of our responsibilities in alignment with the Regulators Code. You should expect to take a leading role in multiple activities across the Cyber Regulation team.  
• Communicate effectively, both verbally and in writing, with a range of stakeholders, including colleagues, those you regulate, and other key partners.  
• Demonstrate leadership and put your experience to good use for the benefit of energy consumers.  
• Continue your professional development whilst at Ofgem to enable you to grow and deliver more. 

Assurance 

• Protect consumers by playing a leading role in directly supporting industry increase their cyber resilience. Support the delivery of cyber assurance activities throughout their full lifecycle. Ensure that industry non-compliance with legislation is resolved through existing processes. Support the ongoing process improvements and approach for the assurance programme. 

 Guidance and Monitoring 

• Protect consumers by guiding and monitoring the energy sector's cyber security approach. Build strong relationships with those we regulate. Work with others in the team to provide constructive feedback to industry on their plans and activities. Identify systemic risk across the energy sector and enable cross-sector collaboration and knowledge sharing to reduce risk. Create and maintain high-quality written guidance for industry.  Monitor the energy sectors compliance against current regulatory expectations. 

Cyber Policy 

• Protect consumers by shaping the government and industry approach to increasing cyber resilience in the energy sector. Develop Ofgem cyber security policy, strategy and thinking, in partnership with the Department for Energy Security and Net Zero. Lead on aspects of the implementation of related policies. Carrying out Horizon Scanning activities to ensure that we are thinking ahead to future challenges and opportunities. Support Research and Innovation activities across the sector. 

Cyber Investment Role 

• Protect consumers by ensuring that eligible energy sector companies are investing appropriately in their cyber security. Ensure that consumer money is spent wisely and hold organisations to account for their delivery plans. Analyse industry investment requests. Work closely with industry to ensure that investment is appropriate. Challenge where required. Ensure ongoing spend is in-line with agreed plans. Support the ongoing process improvements and approach, including for the RIIO3 programme. 

Essential Criteria

• Significant experience of working in Cyber Security, preferably relating to Critical National Infrastructure. Knowledge of NIS Regulations and NCSC's Cyber Assessment Framework. (Lead criteria) 
• Additional experience relevant to at least one of the 4 roles identified: Assurance / Policy / Investment / Guidance and Monitoring.  
• Strong communication skills and emotional intelligence. Leadership experience.  
• Able to achieve and maintain SC clearance.