Skip to content

Timesheets

Submit or approve timesheets here by selecting one of the options.

Location: England, London,

SZC Contract Security Risk Manager

England, London,
£55,000 - £65,000

Job Description

Job Purpose / Overview

The purpose of this role is to give NNB Gen Co (SZC) visibility into, understanding of and control over how information communication and technology (ICT) and critical assets that are either regulated under Nuclear Industries Security Regulations (NISR) 2003; or are not regulated, but pose substantial commercial Programme or Project risks; are acquired, developed, integrated and/or deployed. This is achieved through contractual security requirements and supporting processes, procedures and practices used to assure the integrity, resilience and quality of the assets and services.

The Contract Security Risk Manager is responsible for identifying those contracts which pose substantial nuclear and commercial business security risks to NNB Gen Co (SZC). You will lead with screening through procurement at Gateway A (Sourcing Strategy) and Gateway B (Invitation to Tender (ITT)) of Acquire Goods and Service (AGS) and assess the security risk/value of the contract. Coordinating requirements from security Intelligent Customer (IC) leads, you will ensure that End 2 End (E2E) security requirements (design, manufacture, transport, storage, installation, commissioning) are captured and established correctly within contracts, that any unaccounted scope is transferred back to the risk owner for resolution and that the priority for assurance of the delivery of the contract requirements is assessed.

Using your experience of Supply Chain Security Risk management and assurance, you will engage closely with procurement and supply chain staff and employ services within the Technical Services Organisation (TSO) to deliver the required level of regulatory assurance to classified contracts and Sensitive Nuclear Information (SNI) across the nuclear supply chain. You will also coordinate the delivery of assurance to unclassified contracts which pose substantial risk to commercial business operations and will provide the performance reporting in these areas to SZC CISO and SZC Security Manager for the SZC Project Board.

Contextual Information

Operating Environment

  • SZC project will be the largest infrastructure project in Europe following HPC. It relies on Information Technology (IT), Operational Technology (OT), communications, Building Information Modelling (BIM), Internet of Things (IoT) and Industrial IoT systems and the information processed by them to deliver SZC Project.
  • Loss or compromise of Sensitive Nuclear Information (SNI), information subject to Export Control, sensitive commercial information (SCI) such as BIM or personal information through Computer Network Exploitation (CNE), or compromise of either IT or OT systems through Computer Network Attack present serious and enduring risks to SZC Project, delivery partners and Supply Chain.
  • Understanding and mitigating Supply Chain security risks, particularly those associated with the distributed and interconnected nature of ICT/OT products and service supply chains and risks to Project critical assets is key.
  • Considering risk exposure, suitable mitigation, regulatory requirements and business risk appetite in the context of an evolving threat landscape, will be fundamental to the success of the End to End (E2E) delivery of NNB (SZC) Project.
  • SZC is second of a kind (SOAK) replication of HPC Project and the role must support intelligent replication of the security case, contractual requirements and Supply Chain from HPC, achieved by utilising suitably qualified and experienced personnel (SQEP) resource within the Technical Services Organisation (TSO).

Framework & Boundaries

  • Maintains key relationship with SZC Supply Chain staff, procurement and IT & IM Digital Services
  • Maintains key relationships and works closely with the Technical Services Organisation Contract Security Officers and the EDF Incident and Assurance Manager to implement, manage and assure SZC Project contract security requirements throughout the Project Lifecycle encompassing the full spectrum of commercial and nuclear security requirements.
  • Maintains key relationships with SZC IC security leads (Chief Information Security Officer (CISO), Physical Security Design, Personnel Security and Construction Site Security IC leads)
  • Meet the requirements of Nuclear Industries Security Regulations (NISR) (2003), Export Control Act (2002), GDPR 216/279, ISO 27001, IEC 62443 and adopts principles of ISO27005
  • Delivers for the client (SZC Project) but develops frameworks which serve the SZC Project delivery Alliances and Supply Chain
  • Travel SZC Project Offices (London), TSO Barnwood (Gloucester) and ad hoc visits to the NNB (SZC) Construction Site in Suffolk is expected as part of the role.

Principal Accountabilities

  • Provide technical guidance to NNB Gen Co (SZC) procurement functions.
  • Promulgate and maintain process, policy and procedure documents.
  • Promotes NNB Gen Co (SZC) security policies, procedures and practice and holistic requirements to procurement staff, contractors and third parties to improve security awareness and performance.
  • Collaborate with the EDF Incident and Assurance Manager and decide how to intelligently replicate tracking/reporting software Supply Chain Security Performance or develop own instance considering suitable tools available such as Power BI and Abriska.
  • 2nd Line oversight of List N entries for which SZC will be a Competent Authority
  • Ensure work completed by TSO CSOs is appropriately logged, tracked and reported to NNB Gen Co (SZC), including the maintenance of List N entries.
  • Liaise with SZC CISO and TSO and recommend key performance reporting measures
  • Identify any suppliers who continually fail to meet security and performance expectations
  • Identify critical assets and any over-reliance on single suppliers
  • Ensure supply chain security assessments and requirements keep pace with the SZC Project threat assessment; with specific reference to cyber, IT, OT, Communications and IoT and industrial IoT.
  • Work with the SZC Security Manager to ensure SZC Project overall security arrangements meet the required legislation, standards etc.
  • Documentation - Contribute to development of the intelligent customer surveillance, monitoring and security assurance programmes in line with the SZC Project assurance strategy.
  • Documentation - Ensure SZC Contract Security work instructions are correct, interface with SZC Information Management System Acquire Goods and Services (AGS) Procedure and are updated within the SZC Nuclear Site Security Plan (NSSP).
  • 2nd line audit and assurance - of classified and key unclassified contracts
  • Key interface with the Office for Nuclear Regulation (ONR) Civil Nuclear Security and Safeguards (CNSS) in relation to contract management and security assurance of third parties on behalf of NNB Gen Co (SZC)
  • Provide technical guidance to NNB Gen Co (SZC) procurement functions.

Dimensions

  • Manage Technical Services Organisation (TSO) Services for classified contract assurance
  • Supply Chain audit activities to intelligently replicate HPC supply chain assurance process aligned to SZC Acquire Goods and Services (AGS) Procedure
  • Hybrid working arrangements available

Knowledge, Skills, Qualifications & Experience

Essential

  • The post holder will be educated to degree level (or equivalent) or have a comparable level of practical experience.
  • Working experience of formal accreditation and risk assessment methodologies for IT and Operational Technology, such as ISO27005, IEC 62443 and/or NIST 800-53.
  • Experience in providing security guidance to Supply Chain and undertaking assurance reviews of IT and OT systems support functions and procedures in a highly regulated environment.
  • Strong documentation writing skills required for the ongoing development of related compliance procedures.
  • Excellent written and oral communication skills.
  • The post holder must currently hold or be able to achieve NSV SC.

Desirable

  • A recognised security or audit certification is desirable e.g. CISSP, CISA, ISO2700X auditor, ITPC Accreditor, CCP (SIRA/Accreditor/Auditor/ITSO) or similar.
  • Good working knowledge of applicable national and international standards and information security frameworks (ISO27001, HMG Security Policy Framework) and NCSC/CPNI security standards and guidance.
  • Excellent understanding and practical experience of complex Cyber and Information security challenges, threats and risks.
  • Experience of defining, understanding and interpreting contractual security clauses and requirements (preferably in alignment with HMG and/or Civil Nuclear Information Security Standards) in delivery of 3rd party contracts, and assuring compliance with those requirements.
  • Excellent understanding of Personnel and Physical security risks.

Rullion celebrates and supports diversity and is committed to ensuring equal opportunities for both employees and applicants.

Apply Now

Add your CV

Upload from device

Recommend this job to a friend

Is this role relevant to any of your friends? Let them know about it.