Ofcom looks after communications in the UK. From phones, broadband and digital infrastructure to TV, radio, post and wireless devices, we regulate services at the heart of people’s everyday lives.
This is an exciting time to join Ofcom. We are delivering vital work to help shape the communications services today and tomorrow. One of Ofcom’s priorities is enabling strong, secure networks. The safety and security of the UK’s Digital Infrastructure are vitally important. We aim to deliver this by working closely with Government, National Cyber Security Centre (NCSC) and industry.
Ofcom has responsibilities under the Network and Information Systems (NIS) Regulations, which place legal obligations on providers to protect UK critical services. Under NIS, Ofcom regulates companies in the “Digital Infrastructure subsector”. Currently this includes companies providing essential services in the following areas:
DNS resolution and authoritative hosting
TLD name registries
Internet Exchange Points
The Network Security team is responsible for delivering against this important priority for Ofcom.
Purpose of the Role
Working closely with the NIS Principal and wider Network Security team, you will be responsible for supporting the security assurance and monitoring regime among the Operators of Essential Services (OES) we are responsible for. You will assess the information that the companies provide about their security arrangements and monitor the progress of any remediation work.
Where appropriate submit formal information requests.
Update the NIS guidance documentation, review documents and consult with DSIT and other stakeholders – internally and externally.
Meet regulatory reporting requirements to NCSC and DSIT.
Monitor developments in OES security & resilience risks, assess the information that the companies provide about their security and operational resilience arrangements and monitor the progress of any remediation work.
Identify companies that could fall within the scope of the Regulations and gathering evidence to support recommendations.
Develop, where necessary, and draft security best practice and compliance guidance, carrying out and/or managing security assessments.
Understand how the evolution of technologies used in the delivery of communications networks and digital infrastructure services may affect security and resilience risks.
Develop and maintain positive and constructive relationships with stakeholders. Work closely with stakeholders to improve the levels of security and operational resilience in the companies we regulate. This will include other regulators and other relevant information assurance agencies, both within the UK and beyond, NCSC in their role as the UK’s NIS technical authority, and DSIT as the lead government department for the sector.
Work with other members of the team in responding to and assessing OES responses to security incidents which are reported to Ofcom.
Work with colleagues in Ofcom’s Enforcement Team to provide technical support in relation to any enforcement activity.
Support career development discussions, coaching, and supporting members of the team.
Promote efficiency and continuity by ensuring knowledge and best practice is embedded and shared in the team.
Work with the Directors to regularly review the operation and deliverables of the programme, establishing and employing a framework to assess performance against objectives.
Essential Requirements of the Role (Skills, knowledge and experience)
Direct experience of the architectural and operational challenges faced by companies within the NIS Digital Infrastructure subsector and/or the telecommunications sector.
Comprehensive understanding of conducting security assurance assessments, audits, and managing remediation plans, within the NIS sector and/or the telecommunications sector.
Understanding of the types of threat actors that would target Ofcom’s regulated sector and cyber security threats they present.
Experience with evaluating technical vulnerabilities and identifying reasonable and appropriate control measures.
Experience across all cyber security risk management domains (strategy; governance and risk management; protection, detection, response, recovery, and resumption of services; situational awareness; testing).
An understanding of the technologies used to provide DNS resolution/authoritative hosting, DNS TLD registries and Internet Exchange Points and related infrastructure critical to running the Internet (Digital Infrastructure subsector)
An understanding of the internet suite of protocols, networking, routing and DNS including in-depth knowledge of authoritative and recursive DNS servers, including security extensions such as DNSSEC and DoH.
Experience in practical application of leading practice cyber standards and guidance, such as 10 Steps to Cyber Security and the NIST framework.
Appreciation of and desire to promote Ofcom’s values of excellence, agility, empowerment and collaboration.
Educated to degree level (or equivalent experience).
Relevant NIS – Digital Infrastructure subsector (Internet infrastructure) or Telecoms industry experience in information security. Operational resilience would be beneficial.
Having Information security Audit qualifications would be advantageous; (ISACA Certified Information Systems Auditor (CISA) or Cybersecurity Audit Certificate or, BCS Certificate in Information Assurance Auditing or equivalent
Holds security clearance or is willing to go through security clearance to “SC” level.
Ofcom is a forward-thinking, inclusive employer and recognises the value of diversity to truly “make communications work for everyone”. Here at Ofcom, our vision is to ensure people are part of an environment when they can truly strive and be themselves, therefore we aim to recruit from the widest pool of candidates possible – irrespective of social background, ethnicity, sexual orientation, gender or disability. We are an organisation that strives to be truly representative of the whole of the UK and our aim is to be an employer of choice for everyone.
We champion flexible working and so wherever possible we support flexible working patterns including job shares.
To apply for this job please visit ofcom.wd3.myworkdayjobs.com.