Senior Technical Advisor - NIS

Posted 01/04/2025 by Omni RMS

Location: EH3, Marchmont, City of Edinburgh

Please note that this role will close at 00:01 on Tuesday 29 April, and therefore we advise getting your application in by no later than midnight on Monday 28 April.

About Ofcom

Ofcom is the regulator for the communications services that we use and rely on each day. We make sure people get the best from their broadband, home phone and mobile services, as well as keeping an eye on TV and radio.

Our culture is clear – we live by our values: Empowerment; Excellence; Collaboration; Agility and Respect. These define how we work to deliver our purpose, now and in the future. The behaviours which support these values set the path for a fully inclusive and innovative culture at Ofcom.

We focus not only on what we do, but how we do it. We pride ourselves on being an organisation of people who genuinely care about helping others.

Ofcom has responsibilities under the Network and Information Systems (NIS) Regulations which place legal obligations on providers to protect UK critical services. Under NIS, Ofcom regulates companies in the “Digital Infrastructure subsector”. Currently this includes companies providing essential services in the following areas:

- DNS resolution and authoritative hosting

- TLD name registries

- Internet Exchange Points

The Network Security team is responsible for delivering against this important priority for Ofcom.

Purpose of the Role

Working closely with the NIS Principal and wider Network Security team, you will be responsible for supporting the security assurance and monitoring regime among the Operators of Essential Services (OES) we are responsible for. You will assess the information that the companies provide about their security arrangements and monitor the progress of any remediation work.

  • Where appropriate, submit formal information requests.
  • Update the NIS guidance documentation, review documents and consult with DSIT and other stakeholders – internally and externally.
  • Meet regulatory reporting requirements to NCSC and DSIT.

Key responsibilities

  • Monitor developments in OES security & resilience risks, assess the information that the companies provide about their security and operational resilience arrangements and monitor the progress of any remediation work.
  • Identify companies that could fall within the scope of the Regulations and gather evidence to support recommendations.
  • Develop, where necessary, and draft security best practice and compliance guidance, carrying out and/or managing security assessments.
  • Understand how the evolution of technologies used in the delivery of communications networks and digital infrastructure services may affect security and resilience risks.
  • Develop and maintain positive and constructive relationships with stakeholders. Work closely with stakeholders to improve the levels of security and operational resilience in the companies we regulate. This will include other regulators and other relevant information assurance agencies, both within the UK and beyond, NCSC in their role as the UK’s NIS technical authority, and DSIT as the lead government department for the sector.
  • Work with other members of the team in responding to and assessing OES responses to security incidents which are reported to Ofcom.
  • Work with colleagues in Ofcom’s Enforcement Team to provide technical support in relation to any enforcement activity.
  • Support career development discussions, and coach and support members of the team.
  • Promote efficiency and continuity by ensuring knowledge and best practice are embedded and shared in the team.
  • Work with the Directors to regularly review the operation and deliverables of the programme, establishing and employing a framework to assess performance against objectives.

Skills, Knowledge and experience

  • Direct experience of the business, technical, and security challenges faced by companies within the NIS Digital Infrastructure subsector and/or the telecommunications or cloud services sector.
  • Comprehensive understanding of conducting security assurance assessments, audits, and managing remediation plans, within the NIS sector and/or the telecommunications or cloud services sector.
  • Understanding of the types of threat actors that would target Ofcom's regulated sector and the cyber security threats they present.
  • Experience with evaluating technical vulnerabilities and identifying reasonable and appropriate control measures.
  • Experience across all cyber security risk management domains (strategy; governance and risk management; protection, detection, response, recovery, and resumption of services; testing).
  • An understanding of the technologies used to provide DNS resolution/authoritative hosting, DNS TLD registries and Internet Exchange Points and related infrastructure critical to running the Internet (Digital Infrastructure subsector).
  • An understanding of the internet suite of protocols, networking, routing and DNS, including in-depth knowledge of authoritative and recursive DNS servers and security extensions such as DNSSEC and DoH, as well as BGP.
  • Experience in practical application of leading practice cyber standards and guidance, such as the NCSC’s Cyber Assessment Framework (CAF), ISO 27001, and the NIST CyberSecurity Framework (CSF).

Competences

Building Solutions / Executing Plans:

- Takes responsibility for delivery to time, quality, and cost across a range of projects/programmes, setting direction for the scope of the work

- Takes account of strategic priorities when identifying requirements and negotiating for resources

- Ensures the project/programme delivers objectives consistent with Ofcom’s strategy

- Proactively focuses resources (time, money, people) on the real priorities for Ofcom’s success

Forming Relationships / Channelling Influence:

- Builds effective relationships, adapting own style and approach when appropriate with a good understanding of multinational and multicultural environments.

- Displays professional integrity and objectivity in dealings with colleagues and stakeholders.

- Motivates the team to perform effectively and deliver value for money

- Inspires people to stretch to achieve more than they thought possible.

Articulating Ideas:

- Communicates openly and honestly, even when it’s difficult

- Handles objections and questions professionally, providing rational responses

- Takes responsibility for bringing together material for high profile/ complex documents

Evaluating Problems / Generating Insights:

- Comfortably works with ambiguity and is responsive to ambiguous situations

- Gets to the heart of complex issues, demonstrating command of detail and of the bigger picture

- Role models flexibility and helps others to adapt to change

- Promotes an environment of continuous improvement

Harmonising Work:

- Appreciation of and desire to promote Ofcom's values of excellence, agility, empowerment, collaboration and respect.

Qualifications

  • Educated to degree level (or equivalent experience).
  • Relevant NIS - Digital Infrastructure subsector (Internet infrastructure) or Telecoms industry experience in information security. Operational resilience would be beneficial.
  • Information security audit qualifications would be advantageous (ISACA Certified Information Systems Auditor (CISA) or Cybersecurity Audit Certificate, or BCS Certificate in Information Assurance Auditing, or equivalent).
  • Holds security clearance or is willing to go through security clearance to “SC” level.

At Ofcom we prioritise inclusive and diverse recruitment in order to truly reflect the society we represent.

Where positions are listed as full time, we remain open to reduced hours, part-time arrangements, job shares and other flexible working options from day one of employment. We warmly welcome applications from candidates returning to work after a break – for whatever reason.

As a disability confident employer, we offer interviews to any disabled applicant who meets essential criteria for advertised roles. Learn more about the scheme here.

If you need information in an alternative format or have specific preferences, please contact our recruitment team.

Type: Permanent
Contract Length: N/A
Job Reference: JR2001
Job ID: 223285721
