Senior Technical Advisor - Cyber Security

Job Description

Ofcom looks after communications in the UK. From phones and broadband to TV, radio, post and wireless devices, we regulate services at the heart of peoples everyday lives.This is an exciting time for this work area within Ofcom. We are delivering vital work to help shape the communications services today and tomorrow. One of Ofcoms priorities is enabling strong, secure networks. The safety and security of the UKs communicationsnetworks are vitally important. We aim to deliver this by working closely with Government, National Cyber Security Centre and industry.In addition to the telecoms sector, Ofcom has new responsibilities under NIS for the Digital Infrastructure subsector. This includes companies providing essential services in the following areas:

• DNS resolution and authoritative hosting
• TLD name registries
• Internet Exchange Points

The Network Security team is responsible for delivering against these important priority areas for Ofcom.Working closely with other members of the Network Security team, this role is responsible for working across the various cyber security regulatory regimes implemented by the team. This includes:

• Telecoms sector (Telecoms Security Bill)
• Digital Infrastructure industry (Network and Information Systems Regulations - NIS)
• TBESTOfcom led penetration tests being carried out across telecoms and NIS companies.

The successful candidate will demonstrate technical insights, help develop and implement guidance on, the monitoring of network topology, security, operations and processes, so that Ofcoms security regulation is effective, appropriate and measurable.The role will primarily be assigned to one of these regimes based on candidate experience but will provide assistance across other areas as required.

• To provide cyber security technical expertise across the regulatory regimes implemented by the Network Security team
• Support the development, roll out, management and monitoring of a programme promoting compliance with the new legislation in the Telecoms Security Bill and associated guidance. This includes designing and operating a compliance monitoring regime, and contribuitngto producing an annual report for the SOS (Secretary of State) for DCMS (Department of Culture, Media and Sport) on compliance levels across the sector.
• Work with other members of the team in assessing any compliance implications arising from security and resilience breaches that are reported to Ofcom by regulated companies.
• Support the management of a threat intelligence lead vulnerability testing scheme that has been introduced across the major Communications Provider community. This will include, working with stakeholders in scoping, agreeing, and managing the testing, andmonitoring progress against a remedial action plan of vulnerability tests.
• Work closely with NCSC in their role as the UKs cyber security technical lead, DCMS, and other regulators.
• Work with colleagues in Enforcement and Legal teams in Ofcom to provide technical support in relation to any compliance enforcement activity.
• Work with industry stakeholders, Government and other relevant agencies to ensure policy goals are aligned and effectively coordinated.

• Good experience and understanding of conducting security assurance assessments or audits, and subsequent management of remediation plans, within the telecoms or the digital infrastructure sectors.
• Sound understanding of the types of threat actors that would target Ofcoms regulated sectors and security threats they present.
• Comprehensive experience in evaluating technical security vulnerabilities and identifying reasonable and appropriate control measures.
• Broad experience across all cyber security risk management domains (strategy, governance and risk management, protection, detection, response, recovery and resumption of services, situational awareness, testing).
• Understanding of network topologies including fixed, mobile, and digital infrastructure such as DNS and domain name registry services, and internet exchange points.
• Experience in practical application of cyber standards and guidance, such as 10 Steps to Cyber Security, NIST etc.
• Maintaining an ongoing awareness and understanding of emerging telecoms or digital infrastructure technologies, including via training, industry liaison and identifying, commissioning and managing specific external technical research projects.
• Excellent communication skills including clear and effective presentation skills to both internal and external audiences.

• Preferably educated to degree level (or equivalent).
• Relevant professional security qualifications, such as such as CiSP or CISM.
• Willing to obtain security clearance to SC level.

• Experience of project management including developing and delivering against plans, managing risks and issues along the way.
• Good experience and solid understanding in at least one of the following technical areas:

• • Virtualisation of telecoms networks functions
  • Telecoms signalling systems
  • Supply chain management and vendor contractual arrangements
  • Third party network access
  • User identity management
  • Asset management
  • Auditing and testing

• Knowledge of the regulatory environment.
• Experience in working in a communications provider, digital infrastructure operator, or a technology-based consultancy.

Diversity and InclusionOfcom is a forward-thinking, inclusive employer and recognises the value of diversity to truly make communications work for everyone. Here at Ofcom, our vision is to ensure people are part of an environment when they can truly strive and be themselves,therefore we aim to recruit from the widest pool of candidates possibleirrespective of social background, ethnicity, sexual orientation, gender or disability. We are an organisation that strives to be truly representative of the whole of the UK and ouraim is to be an employer of choice for everyone. <p s