Closing Date:
18/09/2024
Group:
Networks and Communications Group
Management Level:
Senior Associate
Job Type:
Permanent
Job Description:
Please note this role will close at 00:01 on 18/09, so we advise getting your application in no later than midnight on 17/09
Working closely with other members of the Network Security team, you will be responsible forestablishing and supporting the roll out of a network security regime for the communication providers. This role will require you to have in depth knowledge of communication providers and demonstrate technical insights to help develop and implement guidance on network topology, security, operations and processes so that Ofcom’s policy position and approach to the regulation of these new network security requirements is effective appropriate and measurable.
This role will require you to provide technical insights and support the delivery of a new telecoms security framework for Communications Providers. Ofcom has had responsibilities for communications network security and resilience for several years and has recently received new responsibilities in this area. In the light of the increasing economic and social significance of communications and services, the security and resilience of fixed and mobile networks and services is becoming more important and we are taking proactive steps to ensure that they are designed and operated to meet the needs and expectations of users.
Your Key Responsibilities
Work with other members of the team in responding to and assessing telecoms and digital infrastructure company responses to security and resilience incidents that occur in their infrastructure which are reported to Ofcom. Ensuring enough information is present to deliver a sound security risk assessment.
Support the roll out, management and monitoring of a programme promoting the adoption of the new legislation underpinning the TSR. This will include maintaining and supporting a compliance monitoring regime that will provide annual report to the SOS (Secretary of State) for DCMS. This will include, supporting and future review and update ofthe “code of Practise”, compliance guidance, and requesting evidence to support CP assessment including carrying out and/or managing compliance assessments against that “code”.
Work with colleagues in Ofcom investigations teams to provide technical support in relation to any enforcement activity.
Work with industry stakeholders, Government and other relevant agencies to ensure policy goals are aligned and effectively coordinated.
Essential skills, knowledge and experience
Security Assurance and Risk Management:
Managing remediation plans within a Communications Provider (mobile, fixed, internet).
Evaluating technical vulnerabilities and identifying appropriate control measures.
Experience across all cyber security risk management domains (strategy, governance and risk management, protection, detection, response, recovery, situational awareness, testing).
Managing and monitoring security assurance programs.
Cybersecurity Threats:
Understanding of threat actors targeting Ofcom’s regulated sector and associated cyber security threats.
Telecoms Technology and Architecture:
Understanding of fixed and mobile architectures.
Practical application of best practices for the technology under review.
Maintaining awareness of current and emerging telecoms technologies through training, industry liaison, and managing external technical research projects.
Articulating Ideas:Written and oral communication skills, including presenting to internal and external audiences.
Executing Plans :Experience in project management, including developing and delivering plans, and managing risks and issues.
Qualifications
Relevant professional qualifications
Maintains UK security clearance or is willing to undergo a vetting check (once started), as this is a requirement for the role.
Although not required to be considered for the role, it is helpful if you have any of the below:
Supply chain management and vendor contractual arrangements.
Third-party or managed services access and security.
Network separation and high assurance systems management.
User identity management.
Asset management.
Auditing and testing.
Experience in fixed and mobile signalling (GSM to 5G).
5G Radio Access Networks (RAN) and Open RAN.
Virtualisation of telecoms network functions.
Understanding of vendor risk assessment and evaluation.
Understanding of human and physical security aspects in telecoms.
Management of cryptographic material, including key derivation, management, revocation, distributions and hardware roots of trusts.
Telecoms signalling systems and monitoring/defensive measures.
Implementation of telecoms network functions or business systems within public cloud environments.
Ofcom has a clear mission: to make communications work for everyone. To be able to deliver on this, we want our organisation to reflect the diversity of background, experience, upbringing and thought that exists across the UK. We aim to recruit from the widest pool of candidates possible – no matter your social background, ethnicity, sexual orientation, gender or disability.
Where positions are listed as full-time, we remain open to reduced hours, part-time arrangements, job shares, and other flexible working options. From day one, we champion flexible work arrangements to accommodate individual needs.
We also warmly welcome applicants who are returning to the workforce after a break – for whatever reason. If you have taken time away and are ready to rejoin, we look forward to reviewing your application.
Our recruitment processes prioritise accessibility and inclusivity. If you need information in an alternative format or have specific preferences, please contact our recruitment team at or call .
As a Disability Confident employer, we offer interviews to disabled applicants who meet essential criteria for advertised roles. Learn more about this scheme here. https://www.ofcom.org.uk/about-ofcom/jobs/disability-confident-scheme