Cyber Security Lead (Sizewell C)
The Sizewell C Jobs Service supports local people into exciting, long-term careers across our Project.#SZCJobs
Cyber Security Lead (Sizewell C)
Mactech Engineering & Inspection
Sizewell C
Vacancy Overview:
Are you looking for a career which is rewarding, at the cutting edge of project development and where you can really make a difference? Come and join our expanding Sizewell C (SZC) team and work on one of the most exciting and largest megaprojects in the UK, whilst being at the forefront of the UK's climate change agenda and energy policy. Following on from the success of Hinkley Point C (HPC), the SZC Project is a nuclear new build project in Suffolk, which has obtained planning approval and Government financing support. The project has started construction and is now seeking private investment. When completed, it will provide dependable electricity to 6 million homes for 60 years, which along with renewables, will support Britain to achieve Net Zero by 2050.
Principal Accountabilities
• Provide assurance to the SZC BISO, and ultimately to the SZC Board, on the efficacy of SZC's cyber configuration and security arrangements, risks and mitigations for devices and their access controls.
• Intelligently replicate Cyber Security policies, standards, procedures and RESA governance from HPC to SZC with NS, EPRP, EIS and alliances peer review.
• Intelligent Customer (IC) responsibility for licensee Cyber Security requirements.
• Define and ensure the delivery of all assurance activities required to demonstrate compliance with all security requirements, including those specified and delivered by NS, EIS and EPRP or other third parties, that protect the confidentiality, integrity and availability of SZC information stored or processed upon devices, physical or virtual.
• Review and acceptance of security designs produced by EPRP and SZC Suppliers.
• Set the requirements and own the development and implementation of processes and procedures that deliver secure Cyber operations at SZC, including to SaaS providers.
• Ensure that all Cyber Risks are captured within project risk logs and with the BISO into security risk tools, define and assure delivery of all mitigations. Provide briefings to the SZC Security team on risks.
• Utilising up-to-date knowledge of Cyber security tools including in M365 to advise and support the project in delivering the best Cyber security approach that aligns data privacy, business objectives and ensuring information security safeguards are effective through assurance activities.
• Evaluate the Cyber Threat and Vulnerability landscape, proposed refinement and develop of SZC policies and controls to reduce residual risk and attack surface.
Knowledge, Skills, Qualifications, Experience
Essential
• Knowledge of Cyber Security and assurance of deployed controls.
• Established cyber security credentials.
• Good working knowledge of applicable international standards and information security frameworks (ISO27001, CIS, NIST, GDPR, Cyber Essentials Plus).
• Aware of risk assessment methodologies including ISO27005 and NIST.
• Familiar with Cyber Security tools such as Defender for Cloud, Defender, Purview and Intune
• Familiarity with process of Vulnerability Scanning and Management together with Penetration Testing.
• Good working knowledge of:
• Device deployment, management, patching, conditional access, isolation.
• Assurance of deployed baselines
• Reporting and Dashboards.
• Knowledge of National Protective Security Authority (NPSA) and National Cyber Security Centre (NCSC) guidance and frameworks including Cyber Essentials.
• Confident in own abilities and be able to deliver in a dynamic environment.
• Proven stakeholder management.
• Excellent presentation and communication skills
• The post holder must currently hold or be able to achieve National Security Vetting (NSV) Security Check (SC).
• A role requiring regular visits to offices, partners, alliances and sites and temporary structures around them.
Desirable
• Experience working in the UK nuclear or regulated industry is highly desirable.
• Experience in a complex project environment including change control processes.
• Excellent written English, including the preparation of suites of technical documents.
For this role you must have evidence of right to work in the UK. As a project, we do not discriminate on the grounds of age, gender, race, colour, religion, disability or sexual orientation, and we welcome applications from all sections of the community.
The Sizewell C Jobs Service supports local people into exciting, long-term careers across our Project.#SZCJobs
Cyber Security Lead (Sizewell C)
Mactech Engineering & Inspection
Sizewell C
Vacancy Overview:
Are you looking for a career which is rewarding, at the cutting edge of project development and where you can really make a difference? Come and join our expanding Sizewell C (SZC) team and work on one of the most exciting and largest megaprojects in the UK, whilst being at the forefront of the UK's climate change agenda and energy policy. Following on from the success of Hinkley Point C (HPC), the SZC Project is a nuclear new build project in Suffolk, which has obtained planning approval and Government financing support. The project has started construction and is now seeking private investment. When completed, it will provide dependable electricity to 6 million homes for 60 years, which along with renewables, will support Britain to achieve Net Zero by 2050.
Principal Accountabilities
• Provide assurance to the SZC BISO, and ultimately to the SZC Board, on the efficacy of SZC's cyber configuration and security arrangements, risks and mitigations for devices and their access controls.
• Intelligently replicate Cyber Security policies, standards, procedures and RESA governance from HPC to SZC with NS, EPRP, EIS and alliances peer review.
• Intelligent Customer (IC) responsibility for licensee Cyber Security requirements.
• Define and ensure the delivery of all assurance activities required to demonstrate compliance with all security requirements, including those specified and delivered by NS, EIS and EPRP or other third parties, that protect the confidentiality, integrity and availability of SZC information stored or processed upon devices, physical or virtual.
• Review and acceptance of security designs produced by EPRP and SZC Suppliers.
• Set the requirements and own the development and implementation of processes and procedures that deliver secure Cyber operations at SZC, including to SaaS providers.
• Ensure that all Cyber Risks are captured within project risk logs and with the BISO into security risk tools, define and assure delivery of all mitigations. Provide briefings to the SZC Security team on risks.
• Utilising up-to-date knowledge of Cyber security tools including in M365 to advise and support the project in delivering the best Cyber security approach that aligns data privacy, business objectives and ensuring information security safeguards are effective through assurance activities.
• Evaluate the Cyber Threat and Vulnerability landscape, proposed refinement and develop of SZC policies and controls to reduce residual risk and attack surface.
Knowledge, Skills, Qualifications, Experience
Essential
• Knowledge of Cyber Security and assurance of deployed controls.
• Established cyber security credentials.
• Good working knowledge of applicable international standards and information security frameworks (ISO27001, CIS, NIST, GDPR, Cyber Essentials Plus).
• Aware of risk assessment methodologies including ISO27005 and NIST.
• Familiar with Cyber Security tools such as Defender for Cloud, Defender, Purview and Intune
• Familiarity with process of Vulnerability Scanning and Management together with Penetration Testing.
• Good working knowledge of:
• Device deployment, management, patching, conditional access, isolation.
• Assurance of deployed baselines
• Reporting and Dashboards.
• Knowledge of National Protective Security Authority (NPSA) and National Cyber Security Centre (NCSC) guidance and frameworks including Cyber Essentials.
• Confident in own abilities and be able to deliver in a dynamic environment.
• Proven stakeholder management.
• Excellent presentation and communication skills
• The post holder must currently hold or be able to achieve National Security Vetting (NSV) Security Check (SC).
• A role requiring regular visits to offices, partners, alliances and sites and temporary structures around them.
Desirable
• Experience working in the UK nuclear or regulated industry is highly desirable.
• Experience in a complex project environment including change control processes.
• Excellent written English, including the preparation of suites of technical documents.
For this role you must have evidence of right to work in the UK. As a project, we do not discriminate on the grounds of age, gender, race, colour, religion, disability or sexual orientation, and we welcome applications from all sections of the community.