Chief Information Security Officer

Job Reference: NNL/TP/16380/519
Number of Positions: 1
Contract Type: Permanent - Full Time
Salary: £64469 - £66614
Working Hours: 39
Closing Date: 13/09/2019
Job Category: IT
Business Unit: IT
Location: Warrington

Job Introduction

The CISO is the champion of all aspects of Cyber Security and Information Assurance (CS&IA). The CISO evangelises CS&IA within the business, ensures that CS&IA supports the business aims and leads the implementation of CS&IA controls relating to NNL assets both within the company and any partners. The CISO reports directly to the NNL Chief Information Officer (CIO).

Main Responsibilities

  • Lead and manage the NNL CS&IA Team.
  • Monitor the competence of NNL personnel and contractors engaged in CS&IA roles.
  • Be an evangelist for CS&IA within the business and wider industry and initiate/support new NNL business opportunities.
  • Maintain a positive working relationship with the Office for Nuclear Regulation and the Nuclear Cyber Security Centre.
  • Represent NNL at all appropriate industry, government and general CS&IA forums, committees and conferences.
  • Coordinate with other NNL Security personnel as required, and provide support to Security Liaison Officers and Information Asset Owners.
  • Develop and enhance internal relationships with the business on behalf of the CS&IA Team and the wider IT department.
  • Develop and maintain the NNL CS&IA Strategy and Plan.
  • Ensure CS&IA Aims and Objectives are aligned to those of the IT Department and the wider business.
  • Develop and maintain CS&IA governance.
  • Provide advice to NNL business units on the secure design of solutions and projects.
  • Ensure that CS&IA controls within new projects are proportionate, appropriate, cost effective and effective.
  • Ensure that NNL is compliant with all CS&IA requirements of applicable legislation.
  • Ensure that NNL maintains certification to ISO27001 and Cyber Essentials.
  • Provide assurance to the Senior Information Risk Owner and wider Executive Management Team on the status of the CS&IA controls.
  • Assure the delivery of CS&IA security controls (personnel, physical, procedural and technical) within NNL and the supply chain.
  • Provide accreditation to NNL systems within the limits of delegated risk.
  • Manage the Security Aspects Letter (SAL) process.
  • Ensure that remedial actions are implemented in response to identified vulnerabilities.
  • Ensure that NNL, and particularly CS&IA practitioners, are aware of emerging threats and vulnerabilities.
  • Develop and manage the CS&IA Risk Management Framework.
  • Ensure that appropriate CS&IA Awareness training is provided to all NNL staff and contractors/agency support workers.
  • Lead the response to CS&IA incidents.
  • Ensure the functional delivery of security defensive monitoring by the NNL contracted Security Operations Centre (SOC).
  • Plan and exercise for CS&IA resilience.
  • Manage investigations into CS&IA breaches.
  • Undertake the role of Partner Security Officer for the FOXHOUND/ROSA network.
  • Act as Deputy Data Protection Officer with specific responsibility for the protection of personal data.
  • Undertake the role of NNL Communications Security Officer (ComSyO).

The Ideal Candidate

Essential

  • DV, or ability to attain DV
  • UK National
  • A credible security professional with 10 years’ experience within information and cyber security
  • CISSP
  • CISM or C-CISO
  • ISO27001 Lead Auditor or Lead Implementor
  • NCSC Certified Professional, Senior Practitioner, SIRA
  • Recognised GDPR Practitioner Course
  • Experience of securing cloud environments
  • Experience of managing security
  • Demonstrable security leadership experience
  • Good communication skills
  • Good problem solver
  • Experience of managing security requirements through project lifecycles
  • Management of accreditation activities
  • Experience of working in a highly regulated environment

Desirable

  • Full Membership of IISP or Security Institute
  • Post Graduate Degree in Information and Cyber Security discipline
  • Recognised Cryptographic Materials Management Course
  • Experience of securing operational technology
  • CCSP
  • Experience of delivering cyber security and information assurance within the civil nuclear industry
  • Experience of managing security in the supply chain

About The Company

Grounded in robust science and decades of experience, National Nuclear Laboratory (NNL) is the authoritative voice in the UK and beyond for technological development within the nuclear power sector.

Our unparalleled understanding of the science, challenges and opportunities makes us an unrivalled authority and partner in the field, providing experts, technologies, and access to cutting-edge facilities to organisations around the world.

Harnessing potential technologies and translating them into industry-ready solutions means our pioneering approach spearheads international improvement and technological progress.

We work on projects as small as drilling a hole to analyse underground wastes with our integrated micro drilling technology, or as large as developing state-of-the-art power systems for spacecraft, based on radioactive materials.