Head of Security Assurance at Ofgem
Glasgow, Scotland, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

08 Nov, 25

Salary

86547.0

Posted On

09 Aug, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Norway

Industry

Other Industry

Description

JOB SUMMARY

Cyber threats are evolving, and protecting the critical systems that underpin Britain’s energy infrastructure is vital to the success of the industry. Ofgem are looking for a Head of Security Assurance to lead the delivery of cyber oversight, ensuring resilient, secure and data-focused infrastructure that protects consumers and the industry information.
Ofgem is Great Britain’s independent energy regulator. We’re at the forefront of change across the energy sector, driving towards Net Zero whilst protecting energy consumers, especially vulnerable people.
This is a rare full-time, permanent opportunity to take ownership of a nationally important cyber security function. You’ll shape how cyber risk is understood and managed across the organisation, guiding major programmes, engaging with senior leaders and government partners, and embedding security into everything we do. Your work will influence high-profile decisions, safeguard core services and help shape the UK’s wider regulatory resilience.
You’ll lead a committed, expert team that supports both current systems and future ambitions. Whether working with NCSC-aligned frameworks, steering architecture reviews or driving strategic risk conversations at board level, you’ll be at the centre of how we stay ahead of evolving threats, not just for today, but for the future.
We’re looking for a leader who brings credibility, clarity and confidence, someone who pairs technical depth with a sharp understanding of cyber risk, security architecture and assurance, and has the drive to influence, collaborate and deliver at pace.
Whether your experience comes from central government, national infrastructure, consultancy or a regulated private sector environment, you’ll have the ability to lead conversations at the highest levels and the expertise to shape how security supports Ofgem’s wider mission.
If you thrive on working across boundaries, influencing outcomes and setting direction at scale, this is your opportunity to make a difference where it truly matters.
As a key member of the Ofgem cyber leadership team, you’ll help us to continue building a flexible, hybrid working culture that focuses on inclusion, collaboration and trust. You’ll be supported by peers who value insight and impact and encouraged to lead with both purpose and perspective.
We have a critical mission to lead cyber security assurance across Ofgem’s operations, protecting the systems and services that support Britain’s transition to a fair, secure and low-carbon energy future.
Read on and find out more.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Responsibilities

KEY RESPONSIBILITIES

Leadership and engagement: Working alongside other functional leaders to engage leaders across Ofgem and our partners to promote shared awareness of how Ofgem should conduct business, whilst achieving appropriate and effective security, privacy and resilience.
Strategic direction: Supporting the definition of Ofgem’s security, privacy and resilience requirements, translating them into recommended strategic options.
Intelligence analysis: Manage the routine assessment of threats affecting Ofgem, based on effective partnerships with the Security, Intelligence and Law Enforcement Agencies, other regulators and energy sector partners.
Asset and risk management: Manage the identification of critical assets (people, data, facilities) within Ofgem and our 3rd parties, analysing the risks associated with them, and capturing this information into a properly maintained risk register and action plan.
Driving Risk reduction: Developing a consolidated set of requirements for risk mitigation, turning them into viable and prioritised risk mitigation plans. Routinely reviewing progress of mitigation activities versus the plans, ensuring these activities remain aligned to Ofgem’s strategic priorities and consistent with our current threat and risk assessments.
3rd Party management: Build effective working relationships, underpinned by commercial contracts and Memoranda of Understanding, to ensure 3rd parties manage risks consistent with our requirements, Cabinet Office policy, DPA 2018/GDPR, as well as other associated regulations.
Service delivery: Providing support for monitoring the performance of services delivered by 3rd parties or other Government organisations to ensure that they are being delivered within agreed levels of service and are delivering the desired security, privacy and resilience outcomes.
Being a role model for the security and data privacy community, modelling Civil Service values to foster and develop the profession across government.
Team management: Manage a small team of Security Architects and Security Managers to deliver security assurance aligned with industry best practice.
