About the role
Effective cyber security is increasingly important as modern technology, and interconnected devices become a fundamental part of everyday life. It’s vital to protect the devices and services we access online and at work from harm.
Our Cyber Security and Operational Resilience specialism is responsible for ensuring the civil nuclear sector protects the sensitive nuclear information it holds and appropriately safeguards the systems essential to deliver key outputs and functions.
This is achieved primarily through:
- Assessment of duty holders’ cyber security arrangements to provide confidence that risks are being adequately managed.
- Undertaking regulatory inspections with duty holders to ensure the effective implementation of technical cyber security controls to protect essential functions and the systems that support them (including information technology, operational technology, and sensitive nuclear information).
- Conducting inspections of facilities across the nuclear supply chain to ensure cyber security risks are effectively managed.
- Contributing to the development of regulatory policy and influencing the development of good practice both nationally and internationally.
- Liaison with other regulators (including those in security and safety disciplines) and various Government security and intelligence agencies, including the co-ordination of the sector’s response to high profile cyber security events and incidents.
- Representing ONR at security events and meetings, such as those organised by the International Atomic Energy Agency, the World Institute for Nuclear Security, European Nuclear Security Regulators’ Association, the UK Cyber Security Council, and those directly by the UK Nuclear industry.
Training to expand and deepen knowledge and experience in specific nuclear, cyber security, operational resilience, information assurance and regulatory topics will be given throughout the successful candidate’s career, however successful applicants will already have demonstrable experience in the field.
As experience of regulating nuclear security increases, inspectors are given the opportunity to progress and achieve promotion.
Essential skills and experience
To be effective, the candidate will require a breadth and depth of expertise and skills in technical areas (such as cyber defence, detection, response, resilience and recovery); and a firm understanding of personnel/procedural areas (such as leadership and management, culture, and competence) related to information risk management and cyber security. This is likely to include:
- Extensive understanding of the principles, processes and challenges of information risk management and its practical application in a nuclear or high-hazard environment.
- Knowledge of current cyber threats and technical security vulnerabilities.
- Application of Government protective security procedures and making balanced judgements on adequacy.
- Understanding of the principles expected for operators of essential services/ critical national infrastructure sectors in respect to cyber resilience.
- Proficiency at managing security risks in a regulated environment.
- Leadership in the assessment of cyber security arrangements, including the conduct of audits, assurance activities and/or compliance inspections.
- Delivery of concise, accurate, high quality written reports to tight deadlines.
- Proven effective judgement and decision-making skills, including an understanding of strategic impact, gathering, and analysing relevant information, evaluating options, applying logical reasoning, and making effective and proportionate risk-based recommendations.
- Being open and communicative through the ability to demonstrate highly articulate verbal and written communication skills, including the ability to present complex technical matters to a non-expert audience.
- Demonstrable strong influencing skills and an ability to persuade by working collaboratively and flexibly with all stakeholders, showing appropriate interpersonal sensitivity, self-awareness, and assertiveness.
- Evidence of managing projects through sound planning, prioritisation, and timely delivery of work to very high standards.
- Evidence of effective and professional behaviours throughout delivery of roles.
We expect all Cyber Security & Operational Resilience Inspectors to:
- Hold a relevant qualification (for example, an NCSC certified master’s degree (e.g. MSc), or equivalent Level 6 qualification (e.g. CISSP) or higher in a Cyber Security or Information Security related discipline).
- Hold Full Professional Membership (e.g. MCIIS, MBCS) and/or Chartership of an appropriate professional body (e.g. ChCSP, CITP).
Applicants who feel they possess equivalent experience, qualifications and/or professional memberships are invited to apply, however must clearly evidence how their background and skills meet these expectations.
How to apply
Please visit our recruitment portal.