Senior Technical Advisor - NIS

London, United Kingdom


Closing Date:

29/04/2025

Group:

Networks and Communications Group

Management Level:

Senior Associate

Job Type:

Permanent

Job Description:

Please note that this role will close at 00:01 on Tuesday 29 April, and therefore we advise getting your application in by no later than midnight on Monday 28 April.

About Ofcom
 

Ofcom looks after communications in the UK. From phones, broadband and digital infrastructure to TV, radio, post and wireless devices, we regulate services at the heart of people’s everyday lives.

This is an exciting time to join Ofcom. We are delivering vital work to help shape the communications services of today and tomorrow. One of Ofcom’s priorities is enabling strong, secure networks. The safety and security of the UK’s Digital Infrastructure is vitally important. We aim to deliver this by working closely with Government, National Cyber Security Centre (NCSC) and industry.

Ofcom has responsibilities under the Network and Information Systems (NIS) Regulations which place legal obligations on providers to protect UK critical services. Under NIS, Ofcom regulates companies in the “Digital Infrastructure subsector”. Currently this includes companies providing essential services in the following areas:

  • DNS resolution and authoritative hosting

  • TLD name registries

  • Internet Exchange Points

The Network Security team is responsible for delivering against this important priority for Ofcom.


Purpose of the Role


Working closely with the NIS Principal and wider Network Security team, you will be responsible for supporting the security assurance and monitoring regime among the Operators of Essential Services (OES) we are responsible for. You will assess the information that the companies provide about their security arrangements and monitor the progress of any remediation work.

  • Where appropriate submit formal information requests.

  • Update the NIS guidance documentation, review documents and consult with DSIT and other stakeholders – internally and externally.

  • Meet regulatory reporting requirements to NCSC and DSIT.


Key responsibilities

  • Monitor developments in OES security & resilience risks, assess the information that the companies provide about their security and operational resilience arrangements and monitor the progress of any remediation work.

  • Identify companies that could fall within the scope of the Regulations and gather evidence to support recommendations.

  • Develop, where necessary, and draft security best practice and compliance guidance, carrying out and/or managing security assessments.  

  • Understand how the evolution of technologies used in the delivery of communications networks and digital infrastructure services may affect security and resilience risks.

  • Develop and maintain positive and constructive relationships with stakeholders. Work closely with stakeholders to improve the levels of security and operational resilience in the companies we regulate. This will include other regulators and other relevant information assurance agencies, both within the UK and beyond, NCSC in their role as the UK’s NIS technical authority, and DSIT as the lead government department for the sector.

  • Work with other members of the team in responding to and assessing OES responses to security incidents which are reported to Ofcom.

  • Work with colleagues in Ofcom’s Enforcement Team to provide technical support in relation to any enforcement activity.

  • Support career development discussions, and coach and support members of the team.

  • Promote efficiency and continuity by ensuring knowledge and best practice are embedded and shared in the team.

  • Work with the Directors to regularly review the operation and deliverables of the programme, establishing and employing a framework to assess performance against objectives.


Skills, Knowledge and experience

  • Direct experience of the business, technical, and security challenges faced by companies within the NIS Digital Infrastructure subsector and/or the telecommunications or cloud services sector.

  • Comprehensive understanding of conducting security assurance assessments, audits, and managing remediation plans, within the NIS sector and/or the telecommunications or cloud services sector.

  • Understanding of the types of threat actors that would target Ofcom's regulated sector and the cyber security threats they present.

  • Experience with evaluating technical vulnerabilities and identifying reasonable and appropriate control measures.

  • Experience across all cyber security risk management domains (strategy; governance and risk management; protection, detection, response, recovery, and resumption of services; testing).

  • An understanding of the technologies used to provide DNS resolution/authoritative hosting, DNS TLD registries and Internet Exchange Points and related infrastructure critical to running the Internet (Digital Infrastructure subsector).

  • An understanding of the internet suite of protocols, networking, routing and DNS including in-depth knowledge of authoritative and recursive DNS servers, including security extensions such as DNSSEC and DoH, as well as BGP.

  • Experience in practical application of leading practice cyber standards and guidance, such as the NCSC’s Cyber Assessment Framework (CAF), ISO 27001, and the NIST CyberSecurity Framework (CSF).


Competences


Building Solutions / Executing Plans

  • Takes responsibility for delivery to time, quality, and cost across a range of projects/programme, setting direction for the scope of the work

  • Takes account of strategic priorities when identifying requirements and negotiating for resources

  • Ensures the project/programme delivers objectives consistent with Ofcom’s strategy

  • Proactively focuses resources (time, money, people) on the real priorities for Ofcom’s success


Forming Relationships / Channelling Influence

  • Builds effective relationships, adapting own style and approach when appropriate with a good understanding of multinational and multicultural environments.

  • Displays professional integrity and objectivity in dealings with colleagues and stakeholders

  • Motivates the team to perform effectively and deliver value for money

  • Inspires people to stretch to achieve more than they thought possible


Articulating Ideas

  • Communicates openly and honestly, even when it’s difficult

  • Handles objections and questions professionally, providing rational responses

  • Takes responsibility for bringing together material for high profile/ complex documents


Evaluating Problems / Generating Insights

  • Comfortably works with ambiguity and is responsive to ambiguous situations

  • Gets to the heart of complex issues, demonstrating command of detail and of the bigger picture

  • Role models flexibility and helps others to adapt to change

  • Promotes an environment of continuous improvement

Harmonising Work

  • Appreciation of and desire to promote Ofcom's values of excellence, agility, empowerment, collaboration and respect.


Qualifications

  • Educated to degree level (or equivalent experience).

  • Relevant NIS - Digital Infrastructure subsector (Internet infrastructure) or Telecoms industry experience in information security. Operational resilience would be beneficial.

  • Information security audit qualifications would be advantageous (ISACA Certified Information Systems Auditor (CISA) or Cybersecurity Audit Certificate, or BCS Certificate in Information Assurance Auditing, or equivalent).

  • Holds security clearance or is willing to go through security clearance to “SC” level.

Ofcom has a clear mission: to make communications work for everyone.  To be able to deliver on this, we want our organisation to reflect the diversity of background, experience, upbringing and thought that exists across the UK.  We aim to recruit from the widest pool of candidates possible – no matter your social background, ethnicity, sexual orientation, gender or disability. 

Where positions are listed as full-time, we remain open to reduced hours, part-time arrangements, job shares, and other flexible working options. From day one, we champion flexible work arrangements to accommodate individual needs.

We also warmly welcome applicants who are returning to the workforce after a break – for whatever reason. If you have taken time away and are ready to rejoin, we look forward to reviewing your application.

Our recruitment processes prioritise accessibility and inclusivity. If you need information in an alternative format or have specific preferences, please contact our recruitment team at resourcing@ofcom.org.uk or call 0330 912 1378.

As a Disability Confident employer, we offer interviews to disabled applicants who meet essential criteria for advertised roles. Learn more about this scheme here: https://careers.ofcom.org.uk/careers/how-we-hire/


Tags: Audits CISA Clearance Cloud Compliance DNS Governance ISACA ISO 27001 Monitoring Network security NIST Risk management Security assessment Security Clearance Strategy Vulnerabilities

Perks/benefits: Career development Flex hours

Region: Europe
Country: United Kingdom
