• Manager Cyber Assurance

    UK-Edinburgh or London
    Strategy, International, Technology, Economists
    Salary Details
    Job Type
    Full or Part Time – Permanent (including flexible working arrangements)
    Job Level
    Senior Associate
    Closing Date
  • About the Job

    Reporting to Ofcom’s Head of Security and Resilience and working closely with Ofcom’s internal IT and Information Security teams, you will be responsible for implementing and maintaining a cyber assurance scheme that is being introduced across the Communications Provider (CP) community.

    You will establish yourself as the lead on operating the scheme and will become closely involved in policy development and investigation when breaches or incidents occur.

    What you will be doing

    • (Lead/Support) on the roll-out of a threat intelligence-led vulnerability testing scheme that is to be introduced across the major Communications Provider community.
    • (Lead/Support) on the introduction of the forthcoming Directive on Network and Information Systems security (NIS Directive) ((EU) 2016/1148) which aims to achieve a high common level of network and information systems security across the European Union. This will include developing policy, establishing incident reporting thresholds and processes, developing and drafting guidance, and working closely with other regulators, both within the UK and beyond.
    • Work with other members of the team in responding to and assessing CPs’ responses to security incidents that occur in their infrastructure and are reported to Ofcom.
    • Work with colleagues in Ofcom investigations teams to provide technical support in relation to any enforcement activity.
    • Provide cyber security expertise in the planning and oversight of any security auditing of CPs that Ofcom undertakes or commissions 3rd parties to undertake.
    • Work closely with Ofcom’s internal IT security and Information Security teams to ensure our approach to protecting our own business security is appropriately aligned with the regulatory obligations applied to CPs.
    • Provide subject matter expertise and act as a point of reference for colleagues both inside and outside the team with regard to cyber security issues.
    • Engage in stakeholder management, working closely with contacts across industry and government in particular.  


    Essential Skills / Experience

      • Security cleared up to SC level;
      • Experience of assessing cyber risk and resilience capabilities;
      • Broad experience across all cyber risk management domains (strategy; governance and risk management; protection, detection, response, recovery and resumption of services; situational awareness; testing);
      • Excellent written language skills;
      • Detailed knowledge of leading practice cyber standards and guidance, such as 10 Steps to Cyber Security, the NIST framework and the CIS 20 critical security controls;
      • An industry recognised qualification e.g. QiCA, CISA, CISM, CISSP etc.;
      • Strong interpersonal skills with evidence of team working and confidence, credibility and ability to interact effectively with a range of stakeholders;
      • Strong analytical capability and judgement to assess relevant cyber security risks facing the CP community;
      • Can demonstrate taking pride in work and ensuring it is of the highest standard;
      • Strong oral communication skills including clear and effective presentation to both internal and external audiences;
      • Experience of project management including developing and delivering against plans, managing risks and issues along the way; and
      • Appreciation of and desire to promote Ofcom's values of excellence, agility, empowerment and collaboration.

    Desirable Skills / Experience

      • Security cleared up to DV level
      • PRINCE 2 qualification or equivalent project management qualification
      • Familiarity with HMG Security Policy Framework
      • Familiarity with CBEST vulnerability testing framework
      • Experience of security auditing
      • Experience in threat intelligence, penetration testing, ‘red team’ security testing




    • Preferably educated to degree level (or equivalent) or with substantial relevant information security expertise, including within the telecommunications sector.

    Further Information









