CISO Function Programme Manager

Job Introduction

Job Description for Chief Information Security Officer (CISO) Function Programme Manager:

There’s never been a more exciting time to be part of the nuclear sector. New opportunities are being created all the time. At NNL, you’ll be in the ideal place to capitalise on this momentum, face new challenges and develop a long, successful and meaningful career.

We’re an organisation that’s here to experiment and push the limits of what’s possible. So, if you’re keen to excel in your chosen field, this is the place to do it. Because at NNL, anything is possible.

Reporting into the Head of Security Transformation, the CISO Function Programme Manager will support the business in its growth strategy by leading a team dedicated to:

• Supporting the transformation of NNL’s information security, data privacy and resilience services, consistent with the requirements of NNL’s Information Security strategy. 
• Managing a portfolio of IT-enabled business change projects required to deliver required changes in security culture and/or capabilities within NNL and across our Supply Chain.

This role will support the Head of Security Transformation by providing project and business management services for the Security Transformation Team and wider CISO Function.  

The location for this role is flexible and can be based at Risley, Culham, Preston, Stonehouse or Sellafield.

Role Responsibility

Main Responsibilities for Chief Information Security Officer (CISO) Function Programme Manager:

• Manage the CISO Transformation Programme, engaging expertise from within the CISO Function, IT Function and wider business, including relevant Suppliers and Sub-contractors. 
• Deputise for the Head of Security Transformation as required.
• Support the NNL CISO in developing and maintaining a trusted and positive working relationship with Inspectors and CISO Function within the Office for Nuclear Regulation.
• Define and manage the delivery of a portfolio of IT-enabled change projects to implement NNL’s security capability roadmap and increase the maturity of NNL’s CISO Function.
• Establish the required Programme Governance Framework, ensuring that key stakeholders remain engaged and supportive; and enabling informed and timely decisions to be made.
• Develop and maintain the artifacts needed to define, manage and deliver the programme, including programme management plan; programme schedule; and resource/finance plans.
• Engage with the individual project teams involved in the CISO Transformation Programme to ensure they are defined, approved and delivered within a coherent programme plan. 
• Engage CISO Transformation Projects and Procurement teams to define procurement requirements; select the most appropriate bidders; and ensure timely contract execution. 
• Engage stakeholders and project teams to identify and drive the management of risks, issues and opportunities associated with the CISO Transformation Programme delivery.
• Manage the CISO Transformation Programme, ensuring it delivers on time and within budget, whilst achieving the desired objectives and outcomes.   

The Ideal Candidate

Essential Criteria for Chief Information Security Officer (CISO) Function Programme Manager:

• Successful track record of leading small information security programme teams within organisations of up to 3,000 staff, ideally in the Nuclear sector or other UK regulated Critical National Infrastructure organisation. Ideally, possesses relevant certifications in project and programme management; and Agile delivery. 
• Is a persuasive communicator using logic to win support and change views.  Sets a lead in sharing knowledge across the organisation and uses a variety of effective strategies to capture and share information.  Addresses and discusses concerns and ensures key stakeholders are kept informed.
• Ensures that colleagues understand how their work contributes to security of the CISO Function and wider organisation through compelling Programme/Project business cases.
• Conceives and delivers improvements in information security, data privacy and resilience through the management of a portfolio of IT-enabled business change and cultural transformation projects, aligned to the organisation’s information security strategy.
• Manages the development of secure systems with SME support. Proposes security requirements for new systems or changes to existing systems with SME support.
• With SME support, designs effective test programmes for systems, products applications or processes and is responsible for managing their completion.
• To support programme management and delivery, can explain the main principles of secure configuration of security components and devices, including protective monitoring tools.
• Understands local (organisation or project) policies and processes relating to the protection of personal data. Recognises and delivers tasks to addresses non-compliance.
• Learning from experience, proactively shares good practice and expertise with colleagues. Contributes effectively to debates and complex discussion, applying well-reasoned arguments to shaping the CISO Transformation Programme Plan. Adapts communication style to suit audience, developing effective mechanisms to disseminate information.
• Leads the production of Information Security requirements for third parties and/or compliance processes, using these to select, contract and manage Project Suppliers. 
• Creates and leads formal, informal or virtual teams and/or creates collaborative links with related teams.  Addresses and resolves conflict within teams.  
• Encourages professional development within the organisation or industry.  Provides support and feedback to encourage and develop colleagues.  Develops others through coaching, mentoring and advising colleagues.
• Member/Fellow of the Chartered Institute of Information Security or certification through an equivalent professional body.
• Ability to obtain SC level security clearance (this includes but is not limited to identity, employment, financial and criminal record checks plus 5 years’ worth of UK residency).

About the Company

Grounded in robust science and decades of experience, National Nuclear Laboratory (NNL) is the authoritative voice in the UK and beyond for technological development within the nuclear power sector.

Our unparalleled understanding of the science, challenges and opportunities makes us an unrivalled authority and partner in the field, providing experts, technologies, and access to cutting-edge facilities to organisations around the world.

Harnessing potential technologies and translating them into to industry-ready solutions means our pioneering approach spearheads international improvement and technological progress.

We work on projects as small as drilling a hole to analyse underground wastes with our integrated micro drilling technology, or as large as developing state-of-the-art power systems for spacecraft, based on radioactive materials

NNL has a vision for Equality, Diversity and Inclusivity (ED&I) where NNL aims to be an inclusive workplace that attracts diverse talent through transparent and equal policies and procedures. We want you and the diverse mix of people that we employ, customers that we service and stakeholders that we influence to feel valued. We encourage a workplace culture where everyone can thrive with a sense of belonging.

Recruitment Agency Notice

We operate a strict Preferred Supplier List (PSL) for the provision of recruitment services. Only agencies on our PSL may provide CVs and only when the role is released to them by our recruitment team. We will not accept unsolicited CVs from suppliers not currently on our PSL. We explicitly reserve the right to add candidate details from unsolicited CVs from non-PSL agencies into our own candidate database and to pursue/hire such candidate(s) without any obligation, financial or otherwise, to the agency concerned.

United Kingdom National Nuclear Laboratory