Cyber Security Training and Awareness Specialist

Location: Ipswich, GB

Reference Number - 79374

This Cyber Security Training and Awareness Specialist will report to the Cyber Security Architecture Manager and will work within the Information Systems directorate based in either our Ipswich, Crawley or London office. You will be a permanent employee.

You will attract a salary of £49,000.00 and a bonus of 7.5%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote

Close Date:. 07/08/2024

We also provide the following additional benefits

• 25 Days Annual Leave plus bank holidays

• Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)

• Tenancy Loan Deposit scheme

• Tax efficient benefits: cycle to work scheme

• Season ticket loan

• Occupational Health support

JOB PURPOSE:

You will develop and deliver cyber security education and awareness programs for UK Power Networks. Collaborate with the Cyber Security, Information Systems Teams, and partners to identify the training and awareness needs, design and implement solutions, and measure the impact and outcomes of the programs.

• People - Work collaboratively in a team of circa 9 permanent and temporary cyber security operations staff, and across the wider IS team.

• Suppliers - regular interaction with specialist cyber security training vendors and partners.

• Communication - Able to communicate technical cyber security concepts to all kinds of colleagues across various levels of seniority so that they understand the situation, and the associated risk to UK Power Networks.

• Partners - Establish and maintain collaborative working relationships with other teams, including IT, HR and Legal, and third party providers, suppliers, and partners to improve outcomes and create understanding around a course of action.

PRINCIPAL ACCOUNTABILITIES:

1. Develop the cyber security training and awareness roadmap that aligns with UK Power Networks goals, visions, and strategic goals.

2. Create engaging and interactive cyber security training and awareness content and materials, such as e-learning modules, webinars, workshops, newsletters, posters, videos, games, quizzes, etc.

3. Conduct regular assessments and surveys to evaluate the effectiveness and satisfaction of the cyber security training and awareness programs and provide feedback and recommendations for improvement.

4. Report on the progress and performance of the cyber security training and awareness programs and ensure compliance with the relevant standards.

5. Research and stay updated on the latest cyber security trends, threats, and best practices, and incorporate them into the training and awareness programs.

6. Develop role-based Cyber Security Training for the Cyber Security Team, covering cyber operations, architecture, governance risk and compliance and testing. Maintain the cyber security skills matrix to inform the role-based training requirements.

NATURE AND SCOPE:

The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to become the best performing DNO. The team achieve this through the provision of technology solutions and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery is at the heart of this ethos and are therefore strongly underpinned by effective cyber security.

The main measure of success for this role is upholding and enhancing the cyber security posture of UK Power Networks through training and awareness across the business.

Qualifications:

1. Work experience: experience developing and delivering cyber security training and awareness programs, preferably in a large organization.

2. Training Delivery and Facilitation: deliver and facilitate cyber security training and awareness sessions using multiple modes and platforms, such as face-to-face, online, synchronous, asynchronous, etc., and to adapt to the needs and preferences of different learners and groups.

3. Communication and Presentation: The ability to present complex and technical cyber security information in a compelling way, using appropriate language, tone, and visuals, and to tailor the message to the audience and the context.

4. Stakeholder Management and Collaboration: The ability to collaborate with multiple partners, such as management, IT, HR, legal, compliance, etc., to align the cyber security training and awareness objectives with the organizational goals and policies, and to obtain their support and feedback.

5. Certifications: A bachelor's degree in cyber security, information technology, education, communication, or related field, or equivalent work experience.

Cyber Security Architect

Location: Ipswich, GB

Reference Number - 79372

This Cyber Security Architect will report to the Cyber Security Architecture Manager and will work within the Information Systems directorate based in either our Fore Hamlet, Ipswich or Crawley or London office. You will be a permanent employee.

You will attract a salary of £57,600.00 and a bonus of 7.5%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote

Close Date: 07/08/2024

We also provide the following additional benefits

• 25 Days Annual Leave plus bank holidays

• Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)

• Tenancy Loan Deposit scheme

• Tax efficient benefits: cycle to work scheme

• Season ticket loan

• Occupational Health support

JOB PURPOSE:

You will develop the security systems and policies within the organisation and will ensure that UK Power Networks data, network, and systems are protected from cyber threats and will comply with the relevant standards and regulations.

DIMENSIONS:

UK Power Networks is expanding its presence in Microsoft Azure and enhancing its on-prem OT Mission Critical Systems. It is necessary that a secure environment is developed for the hosting and management of our critical information assets. We ask that you have a blend of skillsets across cyber security including solution design, configuration, implementation, operation, governance, change management, communications, and the understanding of protecting data in employing the use of relevant encryption standards.

• People - work collaboratively in a team of circa 8 permanent and temporary cyber security architecture resources.

• Communication - communicate technical cyber security concepts to all kinds of colleagues across different levels of seniority to facilitate and ensure common understanding of decisions taken across the business.

PRINCIPAL ACCOUNTABILITIES:

1. Implement the cyber security plans, technology roadmaps based on sound enterprise architecture practices to help implement UK Power Networks Cyber Security Strategy ensuring agreement to the company vision, values, and strategic goals.

2. Develop the security architecture framework including policies, standards, blueprints and procedures that enables the enterprise to develop and implement security solutions and capabilities in projects and operations that are aligned with business, technology, and threat drivers.

3. Participate in the Architecture Review Board (ARB) as the design authority for all cyber security for all cyber security matters through the review and approval of all solution proposals.

4. Create target and transition architectures which conform to best practice, and UKPN's Information Security policies and underpinning standards.

5. Translate our requirements into technical solutions, and communicate with product teams on your design.

6. Develop cloud security measurement tooling to manage cloud performance, resources, and cost to ensure budgetary compliance and make recommendations for improvement.

Qualifications:

1. Experience acquiring an understanding of cyber security technologies and principles within an operational technology (OT) environment or enterprise environments and utilising the security features of Azure Cloud, Microsoft 365, and other Cyber related Solutions.

2. Experience working as a Cyber Security Architect, OT Cyber Security Architect, Cloud Security Architect (DevSecOps) or relevant Cyber Engineering Role with Architecture responsibilities.

3. A degree in Computer Science, Computer Engineering, Information Technology, or relevant field with cognate experience designing, implementing, and supporting Cyber Security solutions.

4. Relevant security certifications such as Microsoft Azure Security Technologies (AZ-500), Azure Solutions Architect Expert or Further security certifications include CISSP, CISSP-ISSAP, CCSP, CCSK, or CompTIA are desirable.

5. Containerisation experience with Azure Kubernetes Service (AKS) and Docker, including the use of tools such as Vagrant and LXC

6. Experience with Infrastructure as Code (IaC) Automation tools, such as Terraform and deploying "secure by design" IaC approach with the DevOps team.

7. Working knowledge of Cyber Essentials, ISO27001:2022, CSA Cloud Controls Matrix, NCSC CAF and GDPR, is important to ensure that data is being managed in a compliant manner.

8. Quality review solution providers high- and low-level solution designs ensuring they align to the data architecture and policies.

9. Proven experience of developing a credible and practical target architecture for the Security domain, which supports the Business and IT strategy.Experience working within a regulated environment, preferably Energy sector Critical National Infrastructure (CNI)

Cyber Security Solutions Engineer

Location: Ipswich, GB

Reference Number - 79373

This Cyber Security Solutions Engineer will report to the Cyber Security Architecture Manager and will work within the Information Systems directorate based in either our Ipswich, Crawley or London office. You will be a permanent employee.

You will attract a salary of £57,600.00 and a bonus of 7.5%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote

Close Date: 07/08/2024

We also provide the following additional benefits

• 25 Days Annual Leave plus bank holidays

• Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)

• Tenancy Loan Deposit scheme

• Tax efficient benefits: cycle to work scheme

• Season ticket loan

• Occupational Health support

DIMENSIONS:

UK Power Networks is expanding its presence in Microsoft Azure and enhancing its on-prem OT Mission Critical Systems. It is necessary that a secure environment is developed for the hosting and management of our critical information assets. We ask that you have a blend of skillsets across cyber security including solution design, configuration, implementation, operation, governance, change management, communications, and the understanding of protecting data in employing the use of relevant encryption standards.

• Communication - able to communicate technical cyber security concepts to all kinds of colleagues across multiple levels of seniority to facilitate and ensure common understanding of decisions taken across the business.

• PRINCIPAL ACCOUNTABILITIES:

1. Ensure highest standards of safety are applied across all responsibilities.

2. Implement the cyber security plans, technology roadmaps based on sound cyber security best practices to help implement UK Power Networks Cyber Security Strategy ensuring alignment to the company vision, values, and strategic goals.

3. Support the Cyber Security Architects, research new security technologies, toolsets, and solutions for both OT and Enterprise on-prem and cloud infrastructures.

4. Work as an important partner with third party vendors to design and implement proof of concept (PoC) cyber security solutions and evaluate against strict requirements and criteria following UK Power Networks policies and the cyber security technology roadmap.

5. Support the Cyber Security Teams at a technical level to install cyber security product technologies and systems, such as firewalls, end point protection, encryption, VPN, SIEM, PAM, VM etc.

6. Translate our requirements into technical solutions, and communicate with product teams on your solution design.

Qualifications:

1. Work experience: Experience in cyber security, preferably in a security engineering or a security architecture role. Hands-on experience designing, implementing, and maintaining security solutions for multiple platforms, and using various security technologies and performing security testing and analysis.

2. Cyber Security Knowledge: An understanding of the principles and standards of cyber security, such as encryption, authentication, authorization, network security, application security, cloud security, and threat intelligence.

3. Security Solutions Design: Ability to design and implement security solutions that meet the requirements and goals. Analyse the security requirements, identify the security gaps, and propose the best security architectures to address them. Evaluate the costs, benefits, and trade-offs of different security solutions and make recommendations based on the UK Power Networks Policies, Standards and Security Patterns.

4. Security Tools and Technologies: Proficient in using multiple security technologies, such as firewalls, end point protection, intrusion detection and prevention systems, vulnerability scanners, encryption software, VPNs, and SIEMs.

5. Programming and scripting: Proficient programming and scripting skills to automate security tasks, develop custom security scripts and tools, and perform security testing and analysis. Familiar with some of the common programming and scripting languages used in cyber security, such as Python, PowerShell, Bash, Java, C#, and SQL.

6. Certifications: Relevant certifications in cyber security, such as CISSP, CISM, CEH, SSCP, or CCSP. Further technical certifications in Microsoft Azure, Networking, Firewall, SIEM, PAM or VM Products are beneficial.

7. Technical Capabilities: Technical competence in one or more of the following areas: Industrial Protocols (DNP3, ICCP, IEC-61850), IPSec VPN's, Networking, Network Security, RADIUS, MFA, Microsoft/Linux Operating Systems, Virtualization Platforms such as (VMware, Hyper-V, OpenShift), Cloud Security in Azure, PKI and Certificates.