RIIO-2 Cyber Security submissions review – Role 1 (CSC)

Closing date for applications: 01/11/2019
Specialist role
Cyber security consultant
Summary of the work
Review the submissions, visit the OES, facilitate workshops, ask pertinent questions on the submission in order to establish and confirm their response. One of the key outputs is to produce a decision paper for each of the assigned OES. Able to develop and retain relationships with the OES staff.
Latest start date
Expected contract length
50 days
Organisation the work is for
Gas & Electricity Markets Authority (Ofgem)
Maximum day rate
Please specify required day rate
Early market engagement
Who the specialist will work with
The Specialist will be working with other Cyber Security specialists working on the RIIO2 OES submissions. The NIS Regulations impose new duties on Operators of Essential Services (“OES”) and give relevant Competent Authorities (“CAs”) new powers and responsibilities to ensure OES are meeting those duties. Ofgem is a joint CA with BEIS, for the Downstream Gas and Electricity sectors in Great Britain.
What the specialist will work on
1. Industrial Cyber Security Specialist (x1 resource) A recognised specialist in the field of industrial control systems security. This resource will assist & review the technical aspects of the OES’s submissions, ensure alignment with NIS requirements, provide guidance and industry best practice and challenge when necessary. Candidate needs experience in the industrial cyber security space & ideally in the Energy sector, leveraging a track record of successful project implementations and deployment of transformation programmes in this field. This role will require a broad range of experience in bringing together people, processes & technology, attention to detail and senior stakeholder management.
Address where the work will take place
The majority of the reviews will take place on Ofgem's premises at 10 South Colonnade, Canary Wharf, London E14 4PU
Working arrangements
The contract will be for a total of 50 input days starting in November 2019. The selected company/candidate must be available to commence this assignment in mid November 2019 and be available until late January 2020.
Security clearance
Staff visiting Ofgem’s & OEM’s premises shall hold at least BPSS (Baseline Personnel Security Standard) level security clearance. The Contractor is responsible for obtaining clearance for all Staff and shall bear all costs associated with the clearance process.
Additional terms and conditions
How many specialists to evaluate
Cultural fit criteria
  • Be able to engender confidence with OES and Ofgem
  • Work well under pressure
  • Take responsibility for delivering successfully
  • Work well in a transforming environment
  • Work well in a team and autonomously
Assessment methods
Evaluation weighting
  • Technical competence: 50%
  • Cultural fit: 20%
  • Price: 30%
Essential skills and experience
  • Have 7 years proven track record of leading the delivery of information security strategy in the industrial cybersecurity space, policy & process development and implementation
  • Have 7 years proven track record of leading the delivery of information security programmes and projects dealing mainly with industrial control systems
  • Clear evidence of a track record of successful project engagements covering a minimum of 6 of the topics listed below
  • a) Industrial cyber security strategy & architecture
  • b) Information security governance
  • c) Perimeter security and intrusion prevention & detection
  • d) Asset management
  • e) Defence in depth architecture
  • f) Knowledge of the energy sector
  • g) Industrial control systems controls & regulations (NIS, NERC-CIP, ISA/IEC 6443, NIST 800-53/8, etc.)
  • h) Security strategy & transformation
  • i) Information Security Risk Management best practices
  • j) Network segmentation and Purdue Model
  • k) Data protection
  • l) Industrial Health & Safety requirements
  • m) Identity & Access management
  • n) Change management
  • o) Malware & antivirus management
  • p) Information Security processes & policies
  • q) Incident response
  • r) Cyber threat intelligence
  • s) Vulnerability management
  • t) System security
  • u) Security awareness and training
  • v) Security monitoring
  • w) Third party vendors & access management
  • x) Resilience and business continuity
Nice-to-have skills and experience
  • Demonstrate their knowledge of the energy sector through direct experience with energy stakeholders
  • Demonstrate a knowledge of agile working practices
