Information and Cyber Security Inspector
About the role
The role of the Nuclear Security Inspector (Information & Cyber Security) is to ensure that the civil nuclear industry manages information/cyber risks appropriately and effectively. The role encompasses the regulation of information technology, operating technology and the security of SNI within the civil nuclear sector through enabling, influencing, assuring and ensuring the compliance, management and performance of site licence holders. This post requires a certain amount of travel including, on occasion, overnight stays.
To be effective, the candidate will require a breadth and depth of expertise and skills in technical, people and procedural matters related to information risk management and cyber security. He/she will: conduct regulatory interventions; assess dutyholders' security assurance; contribute to the development of policy; maintain currency of guidance documents/Codes of Practice; and liaise with other regulators (including ONR (CNS) inspectors, ONR nuclear safety regulators, EA/SEPA Inspectors) and various Government security and intelligence agencies as appropriate. They may also be required to represent ONR at international security events and meetings.
Over time, the successful candidate will be offered the opportunity to progress and also broaden their security expertise within ONR (CNS). This could be in other roles including Personnel Security, Transport Security, Site Security, Emergency Planning & Response, Contingency Planning & Exercises, and Investigations.
Job related expertise
Candidates must be able to demonstrate the following qualifications, experience and behaviours:
- Hold a relevant qualification (for example, a degree in Information Technology, Computing, Computer Security, Cyber Security, Information Security, or Electrical/Electronic Engineering) or possess an equivalent vocational qualification.
- Hold full membership of an appropriate professional body (eg IISP, MBCS) and have completed equivalent training that evidences a good level of technical skills (eg ITPC Certificate of Information Security Competency, CISSP or CISM).
- Membership of the CESG Certified Professional (CCP) scheme.
- Ability to achieve and retain National Security Vetting clearance at DV level.
- Extensive understanding of the principles, processes and challenges of information risk management and its practical application.
- Sound understanding of current cyber threats and technical security vulnerabilities.
- Knowledge and application of HMG protective security procedures.
- Managing security risks in a nuclear or equivalent high-hazard regulatory environment.
- Conducting audits, assurance activities and/or compliance inspections.
- Authoring written reports to tight deadlines.
- Competent level of IT user skills.
Behavioural core competencies
In addition, if shortlisted you will need to provide examples of the following behavioural competencies:
- Effective judgement and decision-making skills - understanding strategic impact, gathering and analysing relevant information, evaluating options, applying logical reasoning, and making effective and proportionate risk-based recommendations.
- Acting professionally - displaying integrity and respect in dealings with all stakeholders.
- Open and communicative - strong written and verbal communication skills, including the ability to present complex technical matters to a non-expert audience.
- Strong influencing skills - strength of character and ability to persuade and if necessary direct others.
- Valuing people - working collaboratively and flexibly, showing appropriate interpersonal sensitivity, self-awareness and assertiveness.
- Project management - planning, prioritisation and timely delivery of work to required standards.
How to apply
Please visit our recruitment portal.