Back to search
Ofgem Linkedin · Posted 17d ago

Security Manager

United Kingdom

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

About the job


Successful candidates may be based in any of our office locations – Cardiff, Glasgow or London. We especially welcome applicants from Cardiff and Glasgow. (20% hybrid, 1 day per week)


Job summary


Across government, cyber security has become a fundamental enabler of organisational resilience, public trust and the effective delivery of critical services. As digital systems and supply chains become more interconnected, the need for robust governance, risk management and assurance has grown significantly. Modern security is no longer solely a technical function; it is a strategic discipline that ensures organisations can operate safely, meet regulatory obligations and respond effectively to an evolving threat landscape.


At Ofgem, cyber security plays a vital role in delivering our mission to protect energy consumers and support the transition to a secure, affordable and sustainable energy system. As we continue to expand our digital, data and technology capabilities, ensuring that security is embedded across all aspects of our operations is essential. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening our cyber security governance, assurance and supply chain capabilities to support organisational resilience and enable innovation.


As a Security Manager, you will play a key role in shaping and delivering Ofgem’s cyber security governance, risk and assurance activities. You will work across business areas to ensure that security policies, controls and practices are effectively implemented, risks are understood and managed, and that the organisation maintains a strong, evidence-based security posture.

This is a high-impact and influential role, combining technical security expertise with strong stakeholder engagement and leadership. You will support the development of a mature security culture across Ofgem, helping ensure that colleagues understand and take ownership of cyber security responsibilities, while enabling the organisation to make informed, risk-based decisions.


Job description


You will be responsible for:

  • Leading cyber security risk assessments, threat analysis and assurance activities, ensuring alignment with government standards, regulatory requirements and organisational risk appetite
  • Providing expert advice to stakeholders on cyber security risks and mitigation strategies, enabling informed and auditable decision making
  • Supporting and delivering the Cyber Security Audit & Assurance programme, including planning and leading audits, assessing controls and reporting findings
  • Leading the development, implementation and continuous improvement of cyber security policies, standards and the Cyber Security Assurance Framework
  • Working closely with commercial teams, suppliers and contract managers to embed security considerations throughout the procurement lifecycle and across the supply chain
  • Leading supply chain security assurance activities, identifying risks and supporting the development of remediation plans with relevant stakeholders
  • Communicating complex security concepts clearly to both technical and non-technical audiences, including senior leaders
  • Monitoring compliance with security policies and contributing to the continuous improvement of governance and assurance processes
  • Promoting security awareness and supporting the development of training and guidance to strengthen organisational capability
  • Supporting the delivery of key security programmes, including CAF assessments, departmental security health checks and security testing activities


We are looking for an experienced cyber security professional with a strong background in governance, risk and compliance. You will have a proven ability to lead security-related activities or teams, and experience delivering assurance in complex organisational environments.

You will bring a deep understanding of cyber security principles and frameworks, including experience of conducting risk assessments, applying control frameworks such as ISO 27001/2, and delivering Cyber Assessment Framework (CAF) audits. Your experience will also include working with suppliers and managing security risks across the supply chain.


Your communication and influencing skills will be key to success in this role. You will be confident engaging with a wide range of stakeholders, translating technical risks into clear business impacts and helping stakeholders understand their responsibilities in managing security.

You will also have strong analytical skills, enabling you to assess both qualitative and quantitative information, develop evidence-based recommendations and support continuous improvement in security practices. Professional certifications such as CISSP or CISM will support your credibility and effectiveness in this role.


In addition, you will demonstrate the ability to operate at pace, make effective decisions in complex environments and contribute to a culture of collaboration and continuous improvement. Experience in areas such as security architecture, security operations or security awareness would be beneficial.


This is an opportunity to play a critical role in protecting Ofgem’s systems, services and data. Your work will directly support the organisation’s ability to operate securely, manage risk effectively and deliver better outcomes for energy consumers, at a time when cyber security has never been more important.


Person specification


Essential Criteria


  • Experience in Security Governance, Risk and Compliance (Lead Criteria)
  • Experience in leading a security team or a lead security-related role (Lead Criteria)
  • CISSP and or CISM
  • Knowledge of cyber security principles and good practice, including technical cyber skills
  • Experience in delivery of CAF audits
  • Experience in Supply Chain Security (1st Line)


Desirable Criteria


  • Experience in developing security education and awareness materials
  • Experience working in a cyber security role such as Secure by Design, Security Architecture or Security Operations


Behaviours


We'll assess you against these behaviours during the selection process:

  • Communicating and Influencing
  • Making Effective Decisions
  • Delivering at Pace


Technical skills


We'll assess you against these technical skills during the selection process:

  • You will also be asked to prepare a presentation. Full details of the presentation will be included in the invitation to interview.


Benefits


Alongside your salary of £49,452, OFGEM contributes £14,326 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides (opens in a new window).


Ofgem can offer you a comprehensive and competitive benefits package which includes; 30 days annual leave after 2 years; Excellent training and development opportunities; The opportunity to join the generous Civil Service pension which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office but this is kept under review), flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.


Things you need to know


Artificial intelligence


Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.


Selection process details


This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), your career history and qualifications.

You will then be asked to provide a 1250 word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the criteria listed in the role profile. In the event of receiving a large number of applications, an initial sift may take place on just the lead criteria indicated in the essential criteria.


The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by [https://www.cifas.org.uk/fpn].


At Ofgem, we expect our staff to carry out their roles with honesty, fairness and openness. They should follow the Civil Service code and be free from any influence or bias. We are committed to making sure interests are recognised, declared and managed appropriately so that we can fulfil our duties as an energy regulator. Our Conflicts of Interest policy outlines the types of interests Ofgem staff must declare before onboarding, and the rules they must follow throughout employment so that we can clearly demonstrate that our decisions are not influenced by private interests.



Feedback will only be provided if you attend an interview or assessment.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent