Chief Information Security Officer

Job Reference: NNL/TP/8344/823
Number of Positions: 1
Contract Type: Permanent - Full Time
Working Hours: 39
Closing Date: 13/07/2020
Job Category: IT
Business Unit: IT
Location: Risley, Warrington

Job Introduction

Reporting into the Head of Technology and Digital Change, the Chief Information Security Officer (CISO) heads up the Cyber Security and Information Assurance (CS&IA) team.

The team will embed CS&IA principles within the business, balancing the need to implement appropriate controls alongside a desire to support the business in its growth strategy.

Main Responsibilities

1. Lead and manage the NNL CS&IA Team

2. Hold responsibility for the company’s information and data security

3. Be an advocate for CS&IA within the business and wider industry and initiate/support new NNL business opportunities

4. Maintain a positive working relationship with the Office for Nuclear Regulation and the Nuclear Cyber Security Centre

5. Represent NNL at all appropriate industry, government and general CS&IA forums, committees and conferences

6. Coordinate with other NNL Security personnel as required, and provide support to Security Liaison Officers and Information Asset Owners

7. Develop and maintain the CS&IA Strategy, Governance and Plan

8. Ensure CS&IA Aims and Objectives are aligned to those of the Technology & Digital Change Department and the wider business

9. Provide advice to NNL business units on the secure design of solutions and projects

10. Ensure that CS&IA controls within new projects are proportionate, appropriate, cost-effective and effective

11. Ensure that NNL is compliant with all CS&IA requirements of applicable legislation

12. Ensure that NNL maintains certification to ISO27001 and Cyber Essentials

13. Provide assurance to the Senior Information Risk Owner and wider Executive Management Team on the status of the CS&IA controls

14. Assure the delivery of CS&IA security controls (personnel, physical, procedural and technical) within NNL and the supply chain

15. Provide accreditation to NNL systems within the limits of delegated risk

16. Manage the Security Aspects Letter (SAL) process

17. Ensure that remedial actions are implemented in response to identified vulnerabilities

18. Ensure that NNL, and particularly CS&IA practitioners, are aware of emerging threats and vulnerabilities

19. Develop and manage the CS&IA Risk Management Framework

20. Ensure that appropriate CS&IA Awareness training is provided to all NNL staff and contractors/agency support workers

21. Lead the response to CS&IA incidents

22. Ensure the functional delivery of security defensive monitoring by the NNL contracted Security Operations Centre (SOC)

23. Plan and exercise for CS&IA resilience

24. Manage investigations into CS&IA breaches

25. Undertake the role of Partner Security Officer for the FOXHOUND/ROSA network

26. Act as Deputy Data Protection Officer with specific responsibility for the protection of personal data

27. Undertake the role of NNL Communications Security Officer (ComSyO).

The Ideal Candidate

1. possess an extensive breadth and depth of knowledge and knowhow across all aspects of Information Assurance, Cyber Security, Data Governance and Security;

2. be an experienced CISO and Cyber Security and Information Assurance SMT member at equivalent medium to large enterprises and familiar with the challenges of Management, Operations and Strategic Planning;

3. have the knowledge and experience to recommend, adopt, customise, integrate and apply industry standards and frameworks;

4. have a demonstrable background in accredited environments and in balancing business benefit and technology risk, working closely with the Chief Architect to develop appropriate risk balance cases and documentation;

5. have strong communication and influencing skills and the ability to build relationships and influence senior stakeholders;

6. have excellent planning and organisational skills;

7. be qualified to at least degree level;

8. have the ability to achieve SC clearance.

About The Company

Grounded in robust science and decades of experience, National Nuclear Laboratory (NNL) is the authoritative voice in the UK and beyond for technological development within the nuclear power sector.

Our unparalleled understanding of the science, challenges and opportunities makes us an unrivalled authority and partner in the field, providing experts, technologies, and access to cutting-edge facilities to organisations around the world.

Harnessing potential technologies and translating them into industry-ready solutions means our pioneering approach spearheads international improvement and technological progress.

We work on projects as small as drilling a hole to analyse underground wastes with our integrated micro drilling technology, or as large as developing state-of-the-art power systems for spacecraft, based on radioactive materials.

NNL has a vision for Equality, Diversity and Inclusivity (ED&I) where NNL aims to be an inclusive workplace that attracts diverse talent through transparent and equal policies and procedures. We want you and the diverse mix of people that we employ, customers that we service and stakeholders that we influence to feel valued. We encourage a workplace culture where everyone can thrive with a sense of belonging.