Head of Security Assurance

Cardiff · Full-time · £49,000 - 73,000 / year (est.) · Home office (partial)
Ofgem

At a Glance

  • Tasks: Lead cyber security assurance to protect Britain's energy infrastructure and manage risks effectively.
  • Company: Ofgem is the independent energy regulator driving change towards a Net Zero energy future.
  • Benefits: Enjoy 30 days annual leave, hybrid working, and a generous Civil Service pension.
  • Why this job: Make a real impact on national security while working in a collaborative and inclusive culture.
  • Qualifications: Experience in cyber risk management and leadership at high organisational levels is essential.
  • Other info: This is a rare full-time, permanent role with significant influence on UK regulatory resilience.

The predicted salary is between 49000 - 73000 £ per year.

Cyber threats are evolving, and protecting the critical systems that underpin Britain’s energy infrastructure is vital to the success of the industry. Ofgem are looking for a Head of Security Assurance to lead the delivery of cyber oversight, ensuring resilient, secure and data-focused infrastructure that protects consumers and industry information.

Ofgem is Great Britain’s independent energy regulator. We’re at the forefront of change across the energy sector, driving towards Net Zero whilst protecting energy consumers, especially vulnerable people.

This is a rare full-time, permanent opportunity to take ownership of a nationally important cyber security function. You’ll shape how cyber risk is understood and managed across the organisation, guiding major programmes, engaging with senior leaders and government partners, and embedding security into everything we do. Your work will influence high-profile decisions, safeguard core services and help shape the UK’s wider regulatory resilience.

You’ll lead a committed, expert team that supports both current systems and future ambitions. Whether working with NCSC-aligned frameworks, steering architecture reviews or driving strategic risk conversations at board level, you’ll be at the centre of how we stay ahead of evolving threats, not just for today, but for the future.

We’re looking for a leader who brings credibility, clarity and confidence, someone who pairs technical depth with a sharp understanding of cyber risk, security architecture and assurance, and has the drive to influence, collaborate and deliver at pace.

Whether your experience comes from central government, national infrastructure, consultancy or a regulated private sector environment, you’ll have the ability to lead conversations at the highest levels and the expertise to shape how security supports Ofgem’s wider mission.

If you thrive on working across boundaries, influencing outcomes and setting direction at scale, this is your opportunity to make a difference where it truly matters.

As a key member of the Ofgem cyber leadership team, you’ll help us to continue building a flexible, hybrid working culture that focuses on inclusion, collaboration and trust. You’ll be supported by peers who value insight and impact and encouraged to lead with both purpose and perspective.

We have a critical mission to lead cyber security assurance across Ofgem’s operations, protecting the systems and services that support Britain’s transition to a fair, secure and low-carbon energy future.

Key Responsibilities

Leadership and engagement: Working alongside other functional leaders to engage leaders across Ofgem and our partners to promote shared awareness of how Ofgem should conduct business, whilst achieving appropriate and effective security, privacy and resilience.

Strategic direction: Supporting the definition of Ofgem’s security, privacy and resilience requirements, translating them into recommended strategic options.

Intelligence analysis: Manage the routine assessment of threats affecting Ofgem, based on effective partnerships with the Security, Intelligence and Law Enforcement Agencies, other regulators and energy sector partners.

Asset and risk management: Manage the identification of critical assets (people, data, facilities) within Ofgem and our 3rd parties, analysing the risks associated with them, and capturing this information into a properly maintained risk register and action plan.

Driving Risk reduction: Developing a consolidated set of requirements for risk mitigation, turning them into viable and prioritised risk mitigation plans. Routinely reviewing progress of mitigation activities versus the plans, ensuring these activities remain aligned to Ofgem’s strategic priorities and consistent with our current threat and risk assessments.

3rd Party management: Build effective working relationships, underpinned by commercial contracts and Memoranda of Understanding, to ensure 3rd parties manage risks consistent with our requirements, Cabinet Office policy, DPA 2018/GDPR, as well as other associated regulations.

Service delivery: Providing support for monitoring the performance of services delivered by 3rd parties or other Government organisations to ensure that they are being delivered within agreed levels of service and are delivering the desired security, privacy and resilience outcomes.

Being a role model for the security and data privacy community, modelling Civil Service values to foster and develop the profession across government.

Team Management – Manage a small team of Security Architects and Security Managers to deliver security assurance aligned with industry best practice.

Key Outputs and Deliverables

Maintain risk register – This assesses the security, privacy and resilience risks likely to affect delivery of business operations; forward work plan; and corporate functions. Manage all mitigating actions to reduce residual risk to acceptable levels, consistent with Ofgem’s risk appetite for security, privacy and resilience.

Threat briefings – The main conduit for leaders and staff to be routinely briefed on strategic and tactical threats to Ofgem’s security, privacy and resilience.

Manage change projects – In conjunction with colleagues, develop a control improvement strategy, programme and activities, which are then managed through to conclusion with security assurance oversight.

Value for money on cyber security assurance tools and services – Although not limited in scope, these would include penetration tests, vulnerability scans and remediation activities, either provided by Ofgem directly or by 3rd parties.

Review and countersign Policies – Maintain security and privacy policies, reviewed and countersigned annually with the CISO.

Reporting – Regular reporting on key performance indicators and governance meetings.

  • Chartered via the UK CSC or CISSP or equivalent (lead criteria).
  • Deep technical understanding of IT infrastructure / Software development and management of these components.
  • Experience of engaging, advising and influencing at all levels of an organisation whilst projecting credibility and self-assurance – specifically relating to intelligence analysis and risk management.
  • Experience of developing and implementing a pragmatic approach to assessing the security, privacy and resilience risks affecting sensitive assets, including engaging stakeholders to create shared understanding of the risks.
  • Experience of managing the implementation of strategic plans, tracking progress on risk reduction and benefits delivery, and managing changes to plans in line with identified delivery risks and issues.
  • Experience of negotiating and managing 3rd party contracts and acting as an intelligent customer, ensuring that security, privacy and resilience are negotiated into the agreed contract terms and conditions.
  • Experience of defining and gaining approval for a viable, agile and pragmatic security, privacy and resilience strategy capable of responding to and anticipating changes to the assessed threats, risks and business environment.
  • Experience in analysing incidents across a complex environment.
  • Experience of developing a business case for change that identifies the business benefits of a defined security, privacy and resilience strategy.

Behaviours

We’ll assess you against these behaviours during the selection process:

  • Seeing the Big Picture
  • Making Effective Decisions
  • Leadership
  • Delivering at Pace

Alongside your salary of £61,446, OFGEM contributes £17,800 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Ofgem can offer you a comprehensive and competitive benefits package which includes: 30 days annual leave after 2 years; excellent training and development opportunities; the opportunity to join the generous Civil Service pension, which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office, but this is kept under review); flexible working hours; and family friendly policies. Plus lots of other benefits, including clean and bright offices based centrally, engaged networks and teams, and an opportunity to contribute to our ambitious and important target of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel) and upload a copy of your anonymised CV.

You will then be asked to provide a 1250 word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential and desirable skills and capabilities.

Please refer to Civil Service candidate advice on the acceptable use of artificial intelligence within the recruitment and selection process – Artificial intelligence and recruitment, Civil Service Careers.

Click ‘apply now’ to be redirected to the Civil Service Jobs website to apply for the role. The deadline for submissions is 23:55 on Monday 25th August 2025.

Feedback will only be provided if you attend an interview or assessment.

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology

Industries: Utilities and Government Administration


Head of Security Assurance employer: Ofgem

Ofgem is an exceptional employer, offering a unique opportunity to lead the critical cyber security function that safeguards Britain's energy infrastructure. With a strong commitment to employee development, a flexible hybrid working culture, and a focus on inclusion and collaboration, Ofgem empowers its staff to make impactful contributions towards achieving a Net Zero energy system by 2050. The comprehensive benefits package, including a generous pension scheme and ample annual leave, further enhances the rewarding experience of working in this vital role in Cardiff.

Contact Detail:

Ofgem Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Head of Security Assurance

✨Tip Number 1

Familiarise yourself with Ofgem's mission and values, especially their focus on Net Zero and consumer protection. This will help you align your discussions and demonstrate how your experience can contribute to their goals during interviews.

✨Tip Number 2

Network with current or former employees of Ofgem, particularly those in cyber security roles. They can provide valuable insights into the company culture and expectations, which can be beneficial when preparing for interviews.

✨Tip Number 3

Stay updated on the latest trends and threats in cyber security, especially those relevant to the energy sector. Being able to discuss current issues and potential solutions will showcase your expertise and proactive approach.

✨Tip Number 4

Prepare to discuss your leadership style and how you've successfully managed teams in high-pressure environments. Ofgem is looking for someone who can lead effectively, so having concrete examples ready will strengthen your application.

We think you need these skills to ace Head of Security Assurance

Cyber Security Expertise
Risk Management
Leadership Skills
Stakeholder Engagement
Strategic Planning
Threat Intelligence Analysis
Third-Party Risk Management
Security Architecture
Data Privacy Regulations (DPA 2018/GDPR)
Incident Analysis
Contract Negotiation
Performance Monitoring
Communication Skills
Team Management
Adaptability to Evolving Threats

Some tips for your application 🫡

Understand the Role: Before applying, make sure to thoroughly read the job description for the Head of Security Assurance role at Ofgem. Understand the key responsibilities and required skills, so you can tailor your application accordingly.

Craft a Strong Personal Statement: Your personal statement is crucial. Use the 1250 words to clearly demonstrate how your experience aligns with the essential and desirable skills listed in the job profile. Be specific and provide examples that showcase your leadership, strategic direction, and risk management capabilities.

Highlight Relevant Experience: In your CV and personal statement, emphasise your experience in cyber security, particularly in areas like intelligence analysis, asset management, and third-party management. Make sure to mention any relevant qualifications, such as CISSP or equivalent.

Review and Edit: Before submitting your application, take the time to review and edit your documents. Check for clarity, grammar, and spelling errors. A polished application reflects your attention to detail and professionalism.

How to prepare for a job interview at Ofgem

✨Understand the Role's Requirements

Before the interview, make sure you thoroughly understand the key responsibilities and requirements of the Head of Security Assurance role. Familiarise yourself with Ofgem's mission and how this position contributes to their goals, especially regarding cyber security and risk management.

✨Prepare for Behavioural Questions

Expect to be assessed on behaviours such as 'Seeing the Big Picture' and 'Delivering at Pace'. Prepare examples from your past experiences that demonstrate these behaviours, focusing on how you've led teams, made effective decisions, and influenced outcomes in complex environments.

✨Showcase Your Technical Expertise

Be ready to discuss your technical understanding of IT infrastructure and security frameworks. Highlight your experience with NCSC-aligned frameworks and your ability to manage cyber risks effectively. This will help establish your credibility and depth of knowledge in the field.

✨Engage with Strategic Thinking

During the interview, demonstrate your strategic thinking by discussing how you would approach defining Ofgem’s security, privacy, and resilience requirements. Share insights on how you would translate these into actionable plans, showcasing your ability to think ahead and adapt to evolving threats.
