Head of Security Operations
Posted on Sep 21, 2022 by Michael Page Technology - National Nuclear Laboratory
- Contributing to the achievement of net zero or advancing nuclear science
- The opportunity to drive and manage Security Operations.
About Our Client
National Nuclear Laboratory Ltd (NNL) is a UK Government-owned autonomous commercial organisation that provides specialist technical advice and support to public and private sector organisations.
We have over 1600 employees and operate four laboratories focused on applying research into nuclear technologies to create world-class solutions in four focus areas:
- Clean Energy
- Environmental Restoration
- Health and Nuclear Medicine
- Security and Non-Proliferation
Whether it is contributing to the achievement of net zero or advancing nuclear science in the delivery of effective healthcare, the outcomes we achieve directly benefit us all. Furthermore, our work in these areas will continue to grow in significance for the foreseeable future.
The NNL CISO Function has been recently created following the separation of information security roles and responsibilities from the existing IT Function. This was enabled by the appointment of a new CISO and a new CIO - both reporting to the Chief Finance Officer.
The CISO Function will empower and enable our business to successfully create value with acceptable levels of information security, data privacy and cyber resilience. The new function is in a period of significant growth in size and capabilities, enabling us to set the standards for security that others will seek to emulate.
The function will comprise four functional areas:
- Security Strategy
- Security Transformation
- Security Service Delivery
- Security Operations
Reporting to the Chief Information Security Officer, the Head of Security Operations will support the business in its growth strategy by leading and developing a team dedicated to:
- Defining and maintaining NNL's Information Security Incident Response Plans, ensuring required resources, systems and capabilities are in place and routinely tested.
- Implementing logging and monitoring, underpinned by threat intelligence, to prevent incidents; provide timely breach detection; and respond effectively to incidents.
- Managing through-life security tests to enable project delivery; onboard managed services; and support business operations, ensuring identified vulnerabilities are resolved.
- Lead, manage and perform all activities associated with the CISO Security Operations work.
- Form part of the CISO Function Senior Leadership Team (SLT), with specific responsibility for managing and developing the Security Operations Team.
- Deputise for the NNL CISO as required.
- Support the NNL CISO in developing and maintaining a trusted and positive working relationship with Inspectors and CISO Function within the Office for Nuclear Regulation.
- Provide the CISO initial point of contact for the Security Operations Centre (SOC) services being delivered under a third-party managed service contract.
- Working with the SOC and wider NNL business, develop NNL's Incident Response Plan (including playbooks) to ensure effective breach detection, response, recovery and learning.
- Working with the CISO SLT and wider Security and Resilience Team, plan and deliver training and exercises to confirm NNL's ability to respond effectively to security incidents.
- Establish an effective operational threat intelligence capability to ensure appropriate logging and monitoring services are established to provide appropriate threat warnings.
- Working with projects, IT and business teams, plan and routinely conduct penetration testing of new and existing systems, where appropriate including Red Team testing.
- Conduct proactive operations to hunt for threats to our information security - both within our estate and extending into third parties holding/processing sensitive NNL information.
- Develop effective working relationships with other NNL Security and CIO Teams as required, including CIO SLT, Security Liaison Officers and Information Asset Owners.
- Engage NNL's Senior Leadership, being a trusted advisor and advocate for Information Security within the business and wider industry and supporting new business opportunities.
The Successful Applicant
Experience Essential Criteria:
- Experience in leading small information security operations teams, ideally within organisations in the Nuclear sector or other UK-regulated Critical National Infrastructure organisations.
- Is a persuasive communicator using logic to win support and change views. Sets a lead in sharing knowledge across the organisation and uses a variety of effective strategies to capture and share information. Addresses and discusses concerns and ensures key stakeholders are kept informed.
- Ensures that colleagues understand how their work contributes to the security of the CISO Function and wider organisation.
- Leads teams in managing security operations and service delivery within an organisation. Identifies the need for and implements new Security Operating Procedures and practices to meet changing requirements.
- Takes Bronze level responsibility for managing and investigating Information Security incidents. Ensures that the Information Security incident management processes are aligned with generic incident management and business continuity processes. Advises on the corporate response to an incident. Ideally, possesses relevant certifications eg Crest Certified Incident Manager.
- Undertakes complex threat intelligence/modelling tasks or threat assessments without supervision. Manages threat intelligence/assessment teams. Ideally, possesses relevant certifications eg Crest Certified Threat Intelligence Manager.
- Manages intrusion and analysis teams, including those within managed SOC services. Responsible for taking decisions on an appropriate response, escalating as necessary. Liaises with relevant threat intelligence units. Ideally, possesses relevant certifications eg Crest Certified Network Intrusion Analyst; Host Intrusion Analyst; Malware Reverse Engineer.
- Manages teams conducting investigations using forensic techniques and tools. Experienced in using multiple forensic tools and techniques.
- Leads teams conducting compliance monitoring and/or controls testing, reporting findings to middle management; escalates issues as appropriate.
- Engages and manages teams conducting red team and penetration tests, including definition of testing requirements and driving the resolution of discovered vulnerabilities.
- Advises senior management and/or contracting authorities on the Information Security requirements for third-party management. Leads the production of Information Security requirements for third parties and/or compliance processes.
- Creates and leads formal, informal or virtual teams and/or creates collaborative links with related teams. Addresses and resolves conflict within teams.
- Encourages professional development within the organisation or industry. Provides support and feedback to encourage and develop colleagues. Develops others through coaching, mentoring and advising colleagues.
- Holds or can obtain National Security Vetting (NSV) to SC level on taking up the role.
Experience Desirable Criteria:
- Member/Fellow of the Chartered Institute of Information Security or certification through an equivalent professional body.
- Be Curious
- Take Action
- Add Value
What's on Offer
Competitive salary and benefits are to be discussed on a one-to-one basis.
Where specific UK qualifications are required we will take into account overseas equivalents. All third party applications will be forwarded to Page Executive.
Ref Code: MPSSZ