
Ofcom
Making communications work for everyone, https://careers.ofcom.org.uk/
Requirements of the role
Ofcom looks after communications in the UK. From phones, broadband and digital infrastructure to TV, radio, post and wireless devices, we regulate services at the heart of people’s everyday lives.
This is an exciting time to join Ofcom. We are delivering vital work to help shape the communications services of today and tomorrow. One of Ofcom’s priorities is enabling strong, secure networks. The safety and security of the UK’s Digital Infrastructure is vitally important. We aim to deliver this by working closely with Government, National Cyber Security Centre (NCSC) and industry.
Ofcom has responsibilities under the Network and Information Systems (NIS) Regulations which place legal obligations on providers to protect UK critical services. Under NIS, Ofcom regulates companies in the “Digital Infrastructure subsector”. Currently this includes companies providing essential services in the following areas:
DNS resolution and authoritative hosting
TLD name registries
Internet Exchange Points
The Network Security team is responsible for delivering against this important priority for Ofcom.
Working closely with the NIS Principal and wider Network Security team, you will be responsible for supporting the security assurance and monitoring regime among the Operators of Essential Services (OES) we are responsible for. You will assess the information that the companies provide about their security arrangements and monitor the progress of any remediation work.
Where appropriate, submit formal information requests.
Update the NIS guidance documentation, review documents and consult with DSIT and other stakeholders – internally and externally.
Meet regulatory reporting requirements to NCSC and DSIT.
Key responsibilities
Monitor developments in OES security & resilience risks, assess the information that the companies provide about their security and operational resilience arrangements and monitor the progress of any remediation work.
Identify companies that could fall within the scope of the Regulations and gather evidence to support recommendations.
Develop, where necessary, and draft security best practice and compliance guidance, carrying out and/or managing security assessments.
Understand how the evolution of technologies used in the delivery of communications networks and digital infrastructure services may affect security and resilience risks.
Develop and maintain positive and constructive relationships with stakeholders. Work closely with stakeholders to improve the levels of security and operational resilience in the companies we regulate. This will include other regulators and other relevant information assurance agencies, both within the UK and beyond, NCSC in their role as the UK’s NIS technical authority, and DSIT as the lead government department for the sector.
Work with other members of the team in responding to and assessing OES responses to security incidents which are reported to Ofcom.
Work with colleagues in Ofcom’s Enforcement Team to provide technical support in relation to any enforcement activity.
Support career development discussions, and coach and support members of the team.
Promote efficiency and continuity by ensuring knowledge and best practice are embedded and shared in the team.
Work with the Directors to regularly review the operation and deliverables of the programme, establishing and employing a framework to assess performance against objectives.
Location
London, Cardiff, Belfast, Manchester, Edinburgh
Contract type
Full time, Permanent
Profession
Adviser, Risk, Security
Working pattern
Flexible working, Hybrid
Closing Date
29/04/2025