Job Description
At Jacobs, we'll inspire and empower you to deliver your best work so you can evolve, grow and succeed - today and into tomorrow. With more than 55,000 people in 40 countries, working at Jacobs offers an exciting range of opportunities to develop your career within a supportive and diverse team who always strive to do the right thing for our people, clients and communities.
People are Jacobs' greatest asset, and we offer a competitive package to retain and attract the best talent.
In addition to the benefits you'd expect, UK employees also receive free single medical cover and digital GP service, family friendly benefits such as enhanced parental leave pay, free membership of employee assistance and parental programmes, plus reimbursement towards relevant professional development and memberships.
We also give back to our communities through our Collectively program which incorporates matched-funding, paid volunteering time and charitable donations.
Job Purpose / Overview
The SZC Chief Information Security Officer (CISO) is responsible for establishing the right security and governance practices and enabling a framework for risk-free and scalable business operations in the Nuclear New Build (NNB) SZC construction and nuclear security business landscape. This is a leadership position and is focused on understanding the security challenges in the current and future state of business operations, mapping learning from NNB Hinkley Point C (HPC) Project and the Technical Services Organisation (TSO) and preparing the SZC Project organisation with the right tools, skills, resources, relationships and capabilities against growing cyber and information security risks.
Contextual Information
Operating Environment
SZC project will be the largest infrastructure project in Europe following HPC. It relies on both Information Technology (IT) and Operational Technology (OT) systems and the information processed by them for safety, security and business continuity. Loss or compromise of Sensitive Nuclear Information (SNI), information subject to Export Control, sensitive commercial information (SCI) or personal information through Computer Network Exploitation (CNE), or compromise of either IT or OT systems through Computer Network Attack present serious and enduring risks to the Project, Delivery partners and Supply Chain. Understanding and mitigating Cyber Security and Information Assurance (CS&IA) risks in the context of a constantly evolving threat landscape is thus fundamental to the success of Construction, design, manufacture and commissioning in addition to business operations, which collectively support the delivery of NNB (SZC) Project. SZC is an 'nth' of a kind replication of HPC Project and the role must support intelligent replication of the security case from HPC, achieved by utilising suitably qualified and experienced personnel (SQEP) resource within the TSO.
Framework & Boundaries
Maintains key relationships and works closely with the Technical Services Organisation to drive SZC Project Information Security Assurance and provide direction to cyber and information security Delivery.
Maintains key relationships with SZC IT delivery - IT & IM Digital Services and SZC Digital Systems and Solutions (Civils Works Programme).
SZC nuclear baseline role holder.
Travel to TSO (Barnwood, Gloucester), SZC Project Site Offices (Suffolk) and SZC Project Offices (London) is expected as part of the role.
Principal Accountabilities
End to End Security Operations - Develop and design a comprehensive Cyber Security and Information Assurance Strategy and Information Security Management System (ISMS).
Engage with overall organisational data strategy and advise on the best data management approach, aligning data privacy with business objectives ensuring information security safeguards are effective.
Evaluate the Information Technology Threat landscape, devise policies and controls to reduce risk and lead auditing and compliance initiatives.
Act as the Intelligent Customer (IC) for End 2 End cyber and information security requirements within all Project contracts.
Work with the SZC Security Manager to ensure SZC Project overall security arrangements meet the required legislation, standards etc.
Manage interface with TSO to develop the Operational Technology (OT) Security Plan, establish policy and define IT requirements including Instrumentation and Control (I&C) as part of the wider CS&IA strategy.
Manage interface with TSO to procure services of Contract Security Officers to conduct supply chain assurance.
Compliance - ensure that security arrangements meet legal obligations; including GDPR, Export Control and Nuclear Industries Security Regulations (NISR) 2003.
Human Resources - ensure the appropriate verification checks, security education and training programs and policies for identity and access management are in place.
Disaster Recovery and Business Continuity - Ensure compliance with ISO 27001 and develop a robust crisis communication channel, disaster recovery and risk management system in line with ONR (CNSS) Security Functional Security Principles (FSyP) 1, 2, 3, 5 and 7.
Documentation - Contribute to a variety of security policy domains associated with compliance, Governance, risk management, incident management and HR management.
IT and Cyber Security Requirements - Evaluate business opportunities, regulatory requirements and business risks associated with SZC cloud network and all Information Security Projects, defining the optimal trade-off, reporting directly to the board and specifying cyber security, information security and data management requirements internally and through supply chain.
Responsible for ensuring that Supply Chain Cyber Security puts in place appropriate Cyber Security and Information Security risk management and assurance that meet the required standards.
Manage and hold the interfaces with ONR Civil Nuclear Safeguard and Security (CNSS) for Information Security.
Establish priority for the Construction site based Cyber Security and Information Assurance Lead (CS&IA) in risk assessment and assurance of SZC/Delivery Partner and Contractor Information and Operational Technology systems (ICS/SCADA/IoT) on the NNB Gen Co (SZC) Construction site.
Support both CS&IA and (CIO) IT & IM Digital Services Cyber Security Leads with specialist Forensic investigation as a result of incident response.
Dimensions
Reports to Director Safety, Security and Assurance (later this reporting line will switch to the SZC Head of Security).
Dotted line reporting to TSO CISO.
Needs to form a strong relationship with TSO CISO lead spending time at Barnwood (Gloucester) and 90 Whitfield Street (London) to understand Project needs.
Leads dotted line report; to the Cyber Security and Information Assurance Lead (Construction Site) and the IT & IM Digital Services Cyber Security Lead (SZC Common Data Environment) - works within .
Knowledge, Skills, Qualifications & Experience
Essential
Knowledge of Civil Nuclear Cyber Security Strategy.
Established cyber security credentials.
Good working knowledge of applicable international standards and information security frameworks (ISO27001, ISO27017, GDPR, Cyber Essentials Plus).
Aware of risk assessment methodologies including ISO27005 and NIST.
Educated to degree level (or equivalent) or have a comparable level of practical experience.
Knowledge and experience of NIS Regulations and Cyber Assessment Framework (CAF).
Knowledge of CPNI and NCSC material including assurance of supply chain activities.
Knowledge of HMG Security Policy Framework.
Confident in own abilities and be able to deliver in a dynamic environment.
Proven people and team leadership skills.
Proven stakeholder management.
Excellent presentation and communication skills - both written and verbal.
The post holder must currently hold or be able to achieve NSV SC.
Desirable
Experience working in the UK nuclear or regulated industry is highly desirable.
Experience in a complex project environment including change control processes.
A recognised security certification is desirable e.g. CISMP, Security , CEH.
Experienced in specifying, designing and producing technical documentation to exacting standards.
Excellent written English, including the preparation of suites of technical documents.
Track record of providing innovative solutions within a technically complex environment - ideally within the nuclear sector.
Technical knowledge of physical, personnel and cyber security management systems and solutions.
Experience of National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI) methodologies, highly desirable.
Experience working in a Project Organisation and/or with a Design Authority.
Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. Find out more about life at Jacobs.
We aim to embed inclusion and diversity in everything we do. We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. We accept people for who they are, regardless of age, disability, gender identity, gender expression, marital status, mental health, race, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. This is reflected in our wide range of Global Employee Networks centred on inclusion and diversity - ACE, Careers, Enlace...