Job summary
Across government, cyber security has become a fundamental enabler of organisational resilience, public trust and the effective delivery of critical services. As digital systems and supply chains become more interconnected, the need for robust governance, risk management and assurance has grown significantly. Modern security is no longer solely a technical function; it is a strategic discipline that ensures organisations can operate safely, meet regulatory obligations and respond effectively to an evolving threat landscape.
At Ofgem, cyber security plays a vital role in delivering our mission to protect energy consumers and support the transition to a secure, affordable and sustainable energy system. As we continue to expand our digital, data and technology capabilities, ensuring that security is embedded across all aspects of our operations is essential. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening our cyber security governance, assurance and supply chain capabilities to support organisational resilience and enable innovation.
As a Security Manager, you will play a key role in shaping and delivering Ofgem’s cyber security governance, risk and assurance activities. You will work across business areas to ensure that security policies, controls and practices are effectively implemented, risks are understood and managed, and that the organisation maintains a strong, evidence-based security posture.
This is a high-impact and influential role, combining technical security expertise with strong stakeholder engagement and leadership. You will support the development of a mature security culture across Ofgem, helping ensure that colleagues understand and take ownership of cyber security responsibilities, while enabling the organisation to make informed, risk-based decisions.
Job description
You will be responsible for:
- Leading cyber security risk assessments, threat analysis and assurance activities, ensuring alignment with government standards, regulatory requirements and organisational risk appetite
- Providing expert advice to stakeholders on cyber security risks and mitigation strategies, enabling informed and auditable decision making
- Supporting and delivering the Cyber Security Audit & Assurance programme, including planning and leading audits, assessing controls and reporting findings
- Leading the development, implementation and continuous improvement of cyber security policies, standards and the Cyber Security Assurance Framework
- Working closely with commercial teams, suppliers and contract managers to embed security considerations throughout the procurement lifecycle and across the supply chain
- Leading supply chain security assurance activities, identifying risks and supporting the development of remediation plans with relevant stakeholders
- Communicating complex security concepts clearly to both technical and non-technical audiences, including senior leaders
- Monitoring compliance with security policies and contributing to the continuous improvement of governance and assurance processes
- Promoting security awareness and supporting the development of training and guidance to strengthen organisational capability
- Supporting the delivery of key security programmes, including CAF assessments, departmental security health checks and security testing activities
We are looking for an experienced cyber security professional with a strong background in governance, risk and compliance. You will have a proven ability to lead security-related activities or teams, and experience delivering assurance in complex organisational environments.
You will bring a deep understanding of cyber security principles and frameworks, including experience of conducting risk assessments, applying control frameworks such as ISO 27001/2, and delivering Cyber Assessment Framework (CAF) audits. Your experience will also include working with suppliers and managing security risks across the supply chain.
Your communication and influencing skills will be key to success in this role. You will be confident engaging with a wide range of stakeholders, translating technical risks into clear business impacts and helping stakeholders understand their responsibilities in managing security.
You will also have strong analytical skills, enabling you to assess both qualitative and quantitative information, develop evidence-based recommendations and support continuous improvement in security practices. Professional certifications such as CISSP or CISM will support your credibility and effectiveness in this role.
In addition, you will demonstrate the ability to operate at pace, make effective decisions in complex environments and contribute to a culture of collaboration and continuous improvement. Experience in areas such as security architecture, security operations or security awareness would be beneficial.
This is an opportunity to play a critical role in protecting Ofgem’s systems, services and data. Your work will directly support the organisation’s ability to operate securely, manage risk effectively and deliver better outcomes for energy consumers, at a time when cyber security has never been more important.
Person specification
Essential Criteria
- Experience in Security Governance, Risk and Compliance (Lead Criteria)
- Experience in leading a security team or a lead security-related role (Lead Criteria)
- CISSP and/or CISM
- Knowledge of cyber security principles and good practice, including technical cyber skills
- Experience in delivery of CAF audits
- Experience in Supply Chain Security (1st Line)
Desirable Criteria
- Experience in developing security education and awareness materials
- Experience working in a cyber security role such as Secure by Design, Security Architecture or Security Operations
Behaviours
We'll assess you against these behaviours during the selection process:
- Communicating and Influencing
- Making Effective Decisions
- Delivering at Pace
Technical skills
We'll assess you against these technical skills during the selection process:
- You will also be asked to prepare a presentation. Full details of the presentation will be included in the invitation to interview.
Benefits
Alongside your salary of £49,452, Ofgem contributes £14,326 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
Ofgem can offer you a comprehensive and competitive benefits package which includes: 30 days annual leave after 2 years; excellent training and development opportunities; the opportunity to join the generous Civil Service pension which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office but this is kept under review), flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), your career history and qualifications.
You will then be asked to provide a 1250 word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the criteria listed in the role profile. In the event of receiving a large number of applications, an initial sift may take place on just the lead criteria indicated in the essential criteria.
The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.
At Ofgem, we expect our staff to carry out their roles with honesty, fairness and openness. They should follow the Civil Service code and be free from any influence or bias. We are committed to making sure interests are recognised, declared and managed appropriately so that we can fulfil our duties as an energy regulator. Our Conflicts of Interest policy outlines the types of interests Ofgem staff must declare before onboarding, and the rules they must follow throughout employment so that we can clearly demonstrate that our decisions are not influenced by private interests.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
Please note this Post is NOT regulated by the Civil Service Commission.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
This vacancy is part of the Great Place to Work for Veterans initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact :
- Name : Amber Shankland
- Email : amber.shankland@ofgem.gov.uk
Recruitment team
- Email : recruitment@ofgem.gov.uk
Further information
Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel there has been a breach of these Recruitment Principles.
In the first instance, you should raise the matter directly via recruitment@ofgem.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission, please visit their website.
Attachments
- DDSS Role Profile Security Manager (2B) (pdf, 111kB)
- DDSS Candidate Pack, Security Manager (1) (pdf, 2735kB)
- Terms and Conditions (pdf, 335kB)
Salary range
- £49,452 - £62,699 per year
