Senior Technical Advisor - NIS

Closing Date:

Group:

Management Level:

Job Type:

Job Description:

Please note that this role will close at 00:01 on Tuesday 29 April and therefore we advise getting your application in by no later than midnight on Monday 28 April.

About Ofcom

Ofcom looks after communications in the UK. From phones broadband and digital infrastructure to TV radio post and wireless devices we regulate services at the heart of peoples everyday lives.

This is an exciting time to join Ofcom. We are delivering vital work to help shape the communications services of today and tomorrow. One of Ofcoms priorities is enabling strong secure networks. The safety and security of the UKs Digital Infrastructure is vitally important. We aim to deliver this by working closely with Government National Cyber Security Centre (NCSC) and industry.

Ofcom has responsibilities under the Network and Information Systems (NIS) Regulations which place legal obligations on providers to protect UK critical services. Under NIS Ofcom regulates companies in the Digital Infrastructure subsector. Currently this includes companies providing essential services in the following areas:

• DNS resolution and authoritative hosting

• TLD name registries

• Internet Exchange Points

The Network Security team is responsible for delivering against this important priority for Ofcom.

Purpose of the Role

Working closely with the NIS Principal and wider Network Security team you will be responsible for supporting the security assurance and monitoring regime among the Operators of Essential Services (OES) we are responsible for. You will assess the information that the companies provide about their security arrangements and monitor the progress of any remediation work.

• Where appropriate submit formal information requests.

• Update the NIS guidance documentation review documents and consult with DSIT and other stakeholders internally and externally.

• Meet regulatory reporting requirements to NCSC and DSIT.

Key responsibilities

• Monitor developments in OES security & resilience risks assess the information that the companies provide about their security and operational resilience arrangements and monitor the progress of any remediation work.

• Identify companies that could fall within the scope of the Regulations and gathering evidence to support recommendations.

• Develop where necessary and draft security best practice and compliance guidance carrying out and/or managing security assessments.

• Understand how the evolution of technologies used in the delivery of communications networks and digital infrastructure services may affect security and resilience risks.

• Develop and maintain positive and constructive relationships with stakeholders. Work closely with stakeholders to improve the levels of security and operational resilience in the companies we regulate. This will include other regulators and other relevant information assurance agencies both within the UK and beyond NCSC in their role as the UKs NIS technical authority and DSIT as the lead government department for the sector.

• Work with other members of the team in responding to and assessing OES responses to security incidents which are reported to Ofcom.

• Work with colleagues in Ofcoms Enforcement Team to provide technical support in relation to any enforcement activity.

• Support career development discussions coaching and supporting members of the team.

• Promote efficiency and continuity by ensuring knowledge and best practice is embedded and shared in the team.

• Work with the Directors to regularly review the operation and deliverables of the programme establishing and employing a framework to assess performance against objectives.

Skills Knowledge and experience

• Direct experience of the business technical and security challenges faced by companies within the NIS Digital Infrastructure subsector and/or the telecommunications or cloud services sector.

• Comprehensive understanding of conducting security assurance assessments audits and managing remediation plans within the NIS sector and/or the telecommunications or cloud services sector.

• Understanding of the types of threat actors that would target Ofcoms regulated sector and cyber security threats they present.

• Experience with evaluating technical vulnerabilities and identifying reasonable and appropriate control measures.

• Experience across all cyber security risk management domains (strategy; governance and risk management; protection detection response recovery and resumption of services; testing).

• An understanding of the technologies used to provide DNS resolution/authoritative hosting DNS TLD registries and Internet Exchange Points and related infrastructure critical to running the Internet (Digital Infrastructure subsector).

• An understanding of the internet suite of protocols networking routing and DNS including indepth knowledge of authoritative and recursive DNS servers including security extensions such as DNSSEC and DoH as well as BGP.

• Experience in practical application of leading practice cyber standards and guidance such as the NCSCs Cyber Assessment Framework (CAF) ISO 27001 and the NIST CyberSecurity Framework (CSF).

Competences

Building Solutions / Executing Plans

• Takes responsibility for delivery to time quality and cost across a range of projects/programme setting direction for the scope of the work

• Takes account of strategic priorities when identifying requirements and negotiating for resources

• Ensures the project/programme delivers objectives consistent with Ofcoms strategy

• Proactively focuses resources (time money people) on the real priorities for Ofcoms success

Forming Relationships / Channelling Influence

• Builds effective relationships adapting own style and approach when appropriate with a good understanding of multinational and multicultural environments.

• Displays professional integrity and objectivity in dealings with colleagues and stakeholders

• Motivates the team to perform effectively and deliver value for money

• Inspires people to stretch to achieve more than they thought possible

Articulating Ideas

• Communicates openly and honestly even when its difficult Handles objections and questions professionally providing rational responses

• Takes responsibility for bringing together material for high profile/ complex documents

Evaluating Problems / Generating Insights

• Comfortably works with ambiguity and is responsive to ambiguous situations Gets to the heart of complex issues demonstrating command of detail and of the bigger picture

• Role models flexibility and helps others to adapt to change

• Promotes an environment of continuous improvement

Harmonising Work

• Appreciation of and desire to promote Ofcoms values of excellence agility empowerment collaboration and respect.

Qualifications

• Educated to degree level (or equivalent experience).

• Relevant NIS Digital Infrastructure subsector (Internet infrastructure) or Telecoms industry experience in information security. Operational resilience would be beneficial.

• Having Information security Audit qualifications would be advantageous; (ISACA Certified Information Systems Auditor (CISA) or Cybersecurity Audit Certificate or BCS Certificate in Information Assurance Auditing or equivalent

• Holds security clearance or is willing to go through security clearance to SC level.

Ofcom has a clear mission: to make communications work for everyone. To be able to deliver on this we want our organisation to reflect the diversity of background experience upbringing and thought that exists across the UK. We aim to recruit from the widest pool of candidates possible no matter your social background ethnicity sexual orientation gender or disability.

Where positions are listed as fulltime we remain open to reduced hours parttime arrangements job shares and other flexible working options. From day one we champion flexible work arrangements to accommodate individual needs.

We also warmly welcome applicants who are returning to the workforce after a break for whatever reason. If you have taken time away and are ready to rejoin we look forward to reviewing your application.

Our recruitment processes prioritise accessibility and inclusivity. If you need information in an alternative format or have specific preferences please contact our recruitment team at or call 0.

As a Disability Confident employer we offer interviews to disabled applicants who meet essential criteria for advertised roles. Learn more about this scheme here. Experience:

Senior IC