Head of Security Transformation

• The opportunity to drive and manage Security enabled transformational change.
• Hybrid working practices in place

About Our Client

National Nuclear Laboratory Ltd (NNL) is a UK Government-owned autonomous commercial organisation that provides specialist technical advice and support to public and private sector organisations. We have over 1600 employees and operate four laboratories focused on applying research into nuclear technologies to create world-class solutions in four focus areas:

• Clean Energy
• Environmental Restoration
• Health and Nuclear Medicine
• Security and Non-Proliferation

Whether it is contributing to the achievement of net zero or advancing nuclear science in the delivery of effective healthcare, the outcomes we achieve directly benefit us all. Furthermore, our work in these areas will continue to grow in significance for the foreseeable future.

The NNL CISO Function has been recently created following the separation of information security roles and responsibilities from the existing IT Function. This was enabled by the appointment of a new CISO and a new CIO - both reporting to the Chief Finance Officer.

The CISO Function will empower and enable our business to successfully create value with acceptable levels of information security, data privacy and cyber resilience. The new function is in a period of significant growth in size and capabilities, enabling us to set the standards for security that others will seek to emulate. The function will comprise four functional areas:

• Security Strategy
• Security Transformation
• Security Service Delivery
• Security Operations

Reporting to the Chief Information Security Officer the Head of Security Transformation will support the business in its growth strategy by leading a team dedicated to:

• Transforming NNL's information security, data privacy and resilience services, consistent with the requirements of NNL's Information Security strategy.
• Defining and maintaining NNL's security architecture and information security policies, procedures and guidance to enable and empower the business to succeed with acceptable levels of risk.
• Providing systems engineering expertise to support the adoption of agreed technical standards, security controls and inherently secure software applications.
• Managing a portfolio of IT-enabled business change projects required to deliver required changes in security culture and/or capabilities within NNL and across our Supply Chain

Job Description

Key responsibilities:

• Lead and manage all activities associated with NNL CISO's Security Transformation work.
• Form part of the CISO Function Senior Leadership Team (SLT), with specific responsibility for managing and developing the Security Transformation Team.
• Deputise for the NNL CISO as required.
• Support the NNL CISO in developing and maintaining a trusted and positive working relationship with Inspectors and CISO Function within the Office for Nuclear Regulation.
• Identify key business operations and how information is used to create value, document information assets; agree on asset ownership; and assuring appropriate data governance.
• Manage and develop information security requirements for people, processes, information usage, applications, infrastructure and facilities that are pragmatic and effective; aligned to our legal and regulatory obligations; and consistent with our risk appetite.
• Manage and routinely assess existing NNL security architecture to define our roadmap for developing NNL's security capabilities consistent with NNL's Information Security Strategy.
• Define and manage the delivery of a portfolio of IT-enabled change projects to implement NNL's security capability roadmap and increase the maturity of NNL's CISO Function.
• Represent NNL at appropriate industry and Government working groups and committees, developing trusted relationships with relevant intelligence and law enforcement agencies.
• Develop effective working relationships with other NNL Security and CIO Teams as required, including CIO SLT, Security Liaison Officers and Information Asset Owners.
• Engage NNL's Senior Leadership, being a trusted advisor and advocate for Information Security within the business and wider industry and supporting new business opportunities.

The Successful Applicant

Experience Essential Criteria:

• Experience in leading small information security operations teams, ideally within organisations in the Nuclear sector or other UK-regulated Critical National Infrastructure organisations.
• Is a persuasive communicator using logic to win support and change views. Sets a lead in sharing knowledge across the organisation and uses a variety of effective strategies to capture and share information. Addresses and discusses concerns and ensures key stakeholders are kept informed.
• Ensures that colleagues understand how their work contributes to security of the CISO Function and wider organisation.
• Conceives and delivers improvements in information security, data privacy and resilience through the leadership and management of a portfolio of IT-enabled business change and cultural transformation projects, aligned to the organisation's information security strategy.
• Leads the development of policies and standards within an organisation or across a range of clients; interprets Information Security and Data Privacy standards to support complex decisions or those which set new precedent.
• Recognises and reports non-compliances with applicable legislation and regulation. Updates Information Security policies and standards to comply with legislation and regulation with minimal supervision.
• Applies Information Security Architectural principles in new and complex situations. Recommends appropriate tools and how to apply those tools to achieve the required Information Security Architecture.
• Advises senior management and/or contracting authorities on the Information Security requirements for third-party management. Leads the production of Information Security requirements for third parties and/or compliance processes.
• Creates and leads formal, informal or virtual teams and/or creates collaborative links with related teams. Addresses and resolves conflict within teams.
• Encourages professional development within the organisation or industry. Provides support and feedback to encourage and develop colleagues. Develops others through coaching, mentoring and advising colleagues.
• Holds or can obtain National Security Vetting (NSV) to SC level on taking up the role.

Experience Desirable Criteria:

• Member/Fellow of the Chartered Institute of Information Security or certification through an equivalent professional body.

Demonstrable Behaviours:

• Be Curious
• Take Action
• Add Value

What's on Offer

Competitive salary and benefits are to be discussed on a one-to-one basis.

Where specific UK qualifications are required we will take into account overseas equivalents. All third party applications will be forwarded to Page Executive.

Ref Code: MPFE0920225770436Z