• Head of Security and Resilience

    UK-Edinburgh or London
    Strategy, International, Technology, Economists
    Job Type
    Full or Part Time – Permanent (including flexible working arrangements)
  • About the Job

    Reporting to Ofcom’s Director, Network Infrastructure and working closely with Ofcom’s internal IT and Information Security teams, you will be responsible for monitoring developments in network security risks, developing strategy and policy options to discharge Ofcom’s responsibilities, and implementing and maintaining a comprehensive reporting, investigation and enforcement programme spanning all aspects of Ofcom’s role in network security and resilience. This will include a new cyber assurance scheme that is being introduced across the Communications Provider (CP) community.

    You will establish yourself as the lead on developing and operating the programme and will become closely involved in policy development and investigation when breaches or incidents occur.

    What you will be doing

    • Lead all aspects of Ofcom’s work on network security and resilience.
    • Lead on analysis of emerging risks and threat vectors.
    • Lead the development of Ofcom strategy and policy with regard to discharging its responsibilities for network security and resilience.
    • Lead on the roll-out of a threat-intelligence-led vulnerability testing scheme that is to be introduced across the major Communications Provider community.
    • Lead on the introduction of the forthcoming Directive on Network and Information Systems security (NIS Directive) ((EU) 2016/1148) which aims to achieve a high common level of network and information systems security across the European Union. This will include developing policy, establishing incident reporting thresholds and processes, developing and drafting guidance, and working closely with other regulators, both within the UK and beyond.
    • Work with other members of the team in responding to and assessing CPs’ responses to security incidents that occur in their infrastructure and are reported to Ofcom.
    • Work with colleagues in Ofcom investigations teams to provide technical support in relation to any enforcement activity.
    • Provide security expertise in the planning and oversight of any security auditing of CPs that Ofcom undertakes or commissions third parties to undertake.
    • Work closely with Ofcom’s internal IT security and Information Security teams to ensure our approach to protecting our own business security is appropriately aligned with the regulatory obligations applied to CPs.
    • Provide subject matter expertise and act as a point of reference for colleagues both inside and outside the team with regard to cyber security issues, including at Senior Management Team and Ofcom Board level, explaining complex concepts to non-specialists to facilitate effective policy decision making.
    • Establish a credible profile and engagement with key external stakeholders such as CTO/CIO level contacts in communication providers, and equivalent level functions at NCSC, DCMS and other agencies and Government departments.

    Essential Skills / Experience

      • Security cleared up to DV level;
      • Experience of assessing a wide range of telco network security, cyber risk and resilience capabilities;
      • Broad experience across all network security and cyber risk management domains (strategy; governance and risk management; protection, detection, response, recovery and resumption of services; situational awareness; testing);
      • Excellent written language skills;
      • Detailed knowledge of leading practice cyber standards and guidance, such as 10 Steps to Cyber Security, the NIST framework and the CIS 20 critical security controls;
      • An industry recognised qualification e.g. QiCA, CISA, CISM, CISSP etc.;
      • Strong interpersonal skills with evidence of team working and confidence, credibility and ability to interact effectively with a range of stakeholders;
      • Strong analytical capability and judgement to assess relevant cyber security risks facing the CP community;
      • Can demonstrate taking pride in work and ensuring it is of the highest standard;
      • Strong oral communication skills, including clear and effective presentation to both internal and external audiences;
      • Experience of project management, including developing and delivering against plans and managing risks and issues along the way; and
      • Appreciation of, and desire to promote, Ofcom's values of excellence, agility, empowerment and collaboration.

    Desirable Skills / Experience

      • PRINCE 2 qualification or equivalent project management qualification
      • Familiarity with HMG Security Policy Framework
      • Familiarity with the CBEST vulnerability testing framework
      • Experience of security auditing
      • Experience in threat intelligence, penetration testing and ‘red team’ security testing
      • Preferably educated to degree level (or equivalent) or with substantial relevant information security expertise, including within the telecommunications sector.
