Regulatory Security Assurance Senior

Ofgem

The energy regulator for Great Britain, https://www.ofgem.gov.uk/about-us/working-ofgem


Requirements of the role

Ofgem is Great Britain’s independent energy regulator. We’re at the forefront of change across the energy sector, driving towards Net Zero whilst protecting energy consumers, especially vulnerable people.

Ofgem is committed to making a positive difference for energy consumers through effective regulation of the market and close working with suppliers to ensure sustainable energy for consumers and businesses in the UK.

It is vital that operational systems and networks in the electricity and downstream gas sectors in Great Britain (GB) remain resilient against cyber and related security threats.

This role will be within the Cyber Profession’s Cyber Regulation Team at Ofgem, who act as the Competent Authority (CA) for implementing regulations for Operators of Essential Services (OES), to improve security and resilience in the Downstream Gas and Electricity (DGE) sector.

The key purpose of the role is to monitor, support, report and instruct against regulatory frameworks such as the NCSC Cyber Assurance Framework, to ensure that operational systems and networks owned and/or managed by OES in the DGE sectors in GB remain resilient against cyber and related security threats.

You’ll operate as a Senior Cyber Assurance Lead, providing cyber assurance across OES with high strategic impact to GB critical national infrastructure.

Candidates with Operational Technology, Industrial Automation and Control System or other relevant downstream gas and electricity industry experience are encouraged to apply.

Job description

Key Responsibilities 

  • Lead and collaborate across a designated portfolio of Operators of Essential Services (OES).
  • Manage and support assurance and engagement activities within the OES portfolio, ensuring alignment with regulatory expectations.
  • Contribute to NIS inspections, including evidence reviews, onsite assessments, and the production of high-quality inspection reports.
  • Review and assess OES compliance documentation, such as assurance reports (audit, exercising, testing), remediation plans, and incident reports.
  • Document inspection outcomes and assurance decisions accurately and consistently.
  • Escalate compliance concerns to relevant boards and collaborate with Enforcement teams to apply regulatory tools and drive improvements.
  • Respond to regulatory matters, including Freedom of Information (FOI) requests, whistle-blower cases, incident reports, and investigations.
  • Develop and maintain organisational policies, products, and methodologies to support continuous improvement and regulatory effectiveness.
  • Produce high-quality management reports to inform decision-making and oversight.
  • Maintain accurate and secure records in line with organisational standards.
  • Mentor and support Cyber Associates, fostering professional development and capability growth.


 Location

Cardiff, Glasgow, London

 Contract type

Full time, Permanent

 Profession

Assurance, Regulatory, Security, Senior


 Working pattern

Flexible working, Hybrid

 Closing Date

13/10/2025