Chief Information Security Officer (CISO) – Ideally, the post holder will be based at Oldbury on Severn; however, it will be possible to fulfil the role from any of the site locations throughout the UK.
Purpose of Role
We are looking for an individual who will be able to develop a strategy for the organisation to meet the standards and expectations for Cyber and Information Security.
This will include the need to develop the existing team and other available resources as well as establishing the necessary protocols and procedures for implementation across the organisation.
The purpose of the role is to maintain and develop the Cyber Security and Information Assurance arrangements and ensure that those arrangements meet business needs and regulatory requirements.
The Job Holder will be responsible for ensuring that all sites maintain compliance with the Nuclear Industry Security Regulations, Security Policy Framework and relevant HMG / NDA Cyber Security Programmes.
To provide Cyber Security advice and guidance to the company and in particular the Senior Information Risk Owner (SIRO), Closure Directors, Executive and board.
Key Duties/Responsibilities/Accountabilities
Develop and implement a programme of Cyber Security and Information Assurance arrangements required to ensure compliance with business, NDA and Regulatory requirements including the Nuclear Site Cyber Security & Information Assurance Plan content for the NSSP (Nuclear Site Security Plan);
Maintain and develop appropriate technical and procedural controls to protect the confidentiality, integrity and availability of all classified information, including effective risk management through accreditation of company and supplier RMADS (or equivalent) and SyOps;
Ensure that arrangements are sufficient to deter, detect and defend against disruptive challenges, such as cyber-attacks;
Develop and deliver a Cyber Security & Information Security Strategy and Policy set aligned to the needs of the company and to NDA requirements;
Develop and deliver the Cyber Improvement plan including support to the NDA’s Cyber Security and Resilience Programme;
Ensure appropriate staff and contractor training and awareness arrangements are in place;
Ensure adequate internal and external assurance arrangements are undertaken;
Liaise with NDA estate CISOs, SLCs and NDA on specific working groups and relevant government departments and agencies;
Maintain internal and external stakeholder and Regulator relations;
Conduct and support investigations and ONR interventions as required in association with Closure Directors, the Senior Information Risk Owner (SIRO) and site representatives;
Ensure that Regulatory actions, as assigned, are actioned to closure;
Support and prepare reports for the SIRO as required;
Monitor information security trends, potential/emerging threats, vulnerabilities and evolving technologies and provide threat briefings as appropriate;
Be part of the Cyber On Call Roster and Cyber Incident Response Team, acting when needed as Cyber Duty Officer;
Identify good practice at sites and externally, and promote and deploy across the Functions/Sites through site visits and briefings.
Training
The post holder will be required to complete training as defined in Common Training Profiles, supplemented by Site Specific Training Profiles when required.
Authorisations
The post holder may be required to achieve various authorisations in order to carry out the full scope of the role.
The requirements for specific authorisations are specified in Common Authorisation Instructions.
EDUCATION / QUALIFICATIONS / TRAINING
Educated to NQF level 5 / NVQ Level 5
Hold or be working towards CISM, CISSP, C-CISO or equivalent
Additional information about the process
Capita Resourcing is the strategic resourcing business within Capita plc. We are the chosen provider of agency workers and permanent recruitment for the Nuclear Decommissioning Authority (NDA) collaborative framework, across nuclear sites and offices UK wide. NuclearWorks welcomes applications from all suitably qualified people regardless of gender, race, disability, age or sexual orientation. NuclearWorks is a trading name of Capita Business Services Ltd. Services offered are those of an Employment Agency and Employment Business.