Provide assurance to the SZC BISO, and ultimately to the SZC Board, on the efficacy of SZC's cyber configuration and security arrangements, risks and mitigations for devices and their access controls.
Intelligently replicate Cyber Security policies, standards, procedures and RESA governance from HPC to SZC with NS, EPRP, EIS and alliances peer review.
Intelligent Customer (IC) responsibility for licensee Cyber Security requirements.
Define and ensure the delivery of all assurance activities required to demonstrate compliance with all security requirements, including those specified and delivered by NS, EIS and EPRP or other third parties, that protect the confidentiality, integrity and availability of SZC information stored or processed upon devices, physical or virtual.
Review and acceptance of security designs produced by EPRP and SZC Suppliers.
Set the requirements and own the development and implementation of processes and procedures that deliver secure Cyber operations at SZC, including to SaaS providers.
Ensure that all Cyber Risks are captured within project risk logs and, with the BISO, in security risk tools; define and assure delivery of all mitigations.
Provide briefings to the SZC Security team on risks.
Utilise up-to-date knowledge of Cyber security tools, including in M365, to advise and support the project in delivering the best Cyber security approach, one that aligns data privacy and business objectives and ensures information security safeguards are effective through assurance activities.
Evaluate the Cyber Threat and Vulnerability landscape, propose refinements to and develop SZC policies and controls to reduce residual risk and attack surface.
Requirements
Knowledge of Cyber Security and assurance of deployed controls.
Established cyber security credentials.
Good working knowledge of applicable international standards and information security frameworks (ISO27001, CIS, NIST, GDPR, Cyber Essentials Plus).
Aware of risk assessment methodologies including ISO27005 and NIST.
Familiar with Cyber Security tools such as Defender for Cloud, Defender, Purview and Intune.
Familiarity with the process of Vulnerability Scanning and Management, together with Penetration Testing.
Good working knowledge of device deployment, management, patching, conditional access, isolation.
Assurance of deployed baselines.
Reporting and Dashboards.
Knowledge of National Protective Security Authority (NPSA) and National Cyber Security Centre (NCSC) guidance and frameworks including Cyber Essentials.
Confident in own abilities and able to deliver in a dynamic environment.
Proven stakeholder management.
Excellent presentation and communication skills.
The post holder must currently hold or be able to achieve National Security Vetting (NSV) Security Check (SC).