Mace combines construction expertise with consultancy to unlock potential in every person or project and redefine the boundaries of ambition. Our values shape the way we consult and define the people we want to join us on our journey.
The project: The Sizewell C (SZC) cyber security lead operates within the SZC construction and nuclear security business landscape and is responsible for assuring the deployed cyber infrastructure as part of the cyber security and information environment, future developments to that environment, and appropriate governance.
This position will focus on the deployed and planned cyber estate, including end points both owned and non-owned, physical and virtual, together with access to them. This includes end user devices such as laptops, mobile devices, virtual servers, printers and room meeting systems. The position will drive development of a 2nd line of assurance approach and reporting, together with effective mapping to cyber security frameworks and standards in this field. The consequence of non-compliance, compromise, vulnerability or incompatible controls with long lead time deliveries can amount to many millions of pounds in sanctions or later remedial costs, so the foundations set by this team are critical to the business.
You’ll be responsible for:
- Provide assurance to the SZC BISO, and ultimately to the SZC Board, on the efficacy of SZC’s cyber configuration and security arrangements, risks and mitigations for devices and their access controls.
- Intelligently replicate cyber security policies, standards, procedures and RESA governance from HPC to SZC with NS, EPRP, EIS and alliances peer review.
- Intelligent customer (IC) responsibility for licensee Cyber Security requirements.
- Define and ensure the delivery of all assurance activities required to demonstrate compliance with all security requirements, including those specified and delivered by NS, EIS and EPRP or other third parties, that protect the confidentiality, integrity and availability of SZC information stored or processed upon devices, physical or virtual.
- Review and acceptance of security designs produced by EPRP and SZC suppliers.
- Set the requirements and own the development and implementation of processes and procedures that deliver secure cyber operations at SZC, including to SaaS providers.
- Ensure that all cyber risks are captured within project risk logs and, with the BISO, in security risk tools; define and assure delivery of all mitigations. Provide briefings to the SZC Security team on risks.
- Utilise up-to-date knowledge of cyber security tools, including in M365, to advise and support the project in delivering the best cyber security approach that aligns data privacy and business objectives, ensuring information security safeguards are effective through assurance activities.
- Evaluate the cyber threat and vulnerability landscape, and propose refinement and development of SZC policies and controls to reduce residual risk and attack surface.
You’ll need to have:
- Knowledge of cyber security and assurance of deployed controls.
- Established cyber security credentials.
- Good working knowledge of applicable international standards and information security frameworks (ISO27001, CIS, NIST, GDPR, Cyber Essentials Plus).
- Awareness of risk assessment methodologies including ISO27005 and NIST.
- Familiarity with cyber security tools such as Defender for Cloud, Defender, Purview and Intune.
- Familiarity with process of vulnerability scanning and management together with penetration testing.
- Device deployment, management, patching, conditional access, isolation.
- Assurance of deployed baselines.
- Reporting and dashboards.
- Knowledge of National Protective Security Authority (NPSA) and National Cyber Security Centre (NCSC) guidance and frameworks including Cyber Essentials.
- Confident in own abilities and able to deliver in a dynamic environment.
- Proven stakeholder management.
- Excellent presentation and communication skills.
- The post holder must currently hold or be able to achieve national security vetting (NSV) security check (SC).
- A role requiring regular visits to offices, partners, alliances and sites and temporary structures around them.
Our values
Safety first - Going home safe and well: We champion a safe, diverse and inclusive working environment, understanding the importance of wellbeing in every team.
Client focus - Deliver on our promise: We own the quality of deliverables, strategic outcomes and build long term relationships with our clients.
Integrity - Always do the right thing: We influence positive outcomes within our industry, while always aligning with our compliance obligations.
Create opportunity - For our people to excel: We champion a continuous improvement culture throughout all activities, inspiring our people and teams to develop.
Mace is an inclusive employer and welcomes interest from a diverse range of candidates. Even if you feel you do not fulfil all the criteria, please apply as you may still be the best candidate for this role or another role within our organisation.
We are also open to discussing part time, flexible, and hybrid working options if suitable within the role.