Senior Supply Chain Auditor
Location
Gloucester, Gloucestershire | United Kingdom
Job description
EDF Energy is a core part of the EDF Group, one of the largest energy companies in Europe with key business operations in the UK, France, Italy and Belgium. We're the UK’s largest producer of low-carbon electricity, the biggest supplier of electricity by volume in Great Britain, the largest supplier to British businesses and we employ more than 13,000 people. We operate nuclear, coal and gas power stations, wind farms, and combined heat & power plants. We have a focus on safe, dependable energy generation and an ethos of service excellence. We are playing a leading role in new nuclear build in the UK to secure a bright future for the combined business and its employees.
Gloucester Business Park, Gloucester or Atlantic Quay, Glasgow. Hybrid with minimum of 3 days per week in the office. Regular travel to HPC and SZC required.
The Opportunity…
We are looking for a Senior Supply Chain Auditor, to join our Nuclear Security Team, as part of our Nuclear Services Business.
Nuclear Services is a specialist technical area, and we bring together technical capabilities to support the Hinkley Point C (HPC) and Sizewell C (SZC) nuclear new build projects and the existing Nuclear Operations operating stations and decommissioning sites.
As a Senior Supply Chain Auditor, you will provide information to deliver the required level of assurance of mandated and claimed information security mitigations across the entire nuclear supply chain. You will ensure the effective implementation of The Technical Client Organisation’s common nuclear licensee supply chain assurance strategy, which encompasses both Classified and Non-Classified contracts.
In your role, you will be responsible for ensuring cyber security requirements within the nuclear supply chain are established and delivered in accordance with nuclear licensee business objectives and regulatory requirements.
Pay, benefits and culture…
Alongside a starting salary from £52,000 (negotiable depending one experience), we offer a competitive salary and benefits package, including a company pension scheme, a wide range of flexible benefits to suit your lifestyle, and the opportunity to earn a bonus.
At EDF, everyone’s welcome. We strive to create an inclusive and diverse environment where everyone has a voice and where you feel confident being yourself. We’re committed to equality, diversity and inclusion. We’d like our future workforce to have an equal gender balance, represent a broad mix of people from minority ethnic backgrounds, LGBTQ+, those of us with a disability and supporting social mobility.
We’re a disability confident employer and we’ll do all we can to help with your application, making adjustments as you need.
We’ll value the difference you bring and offer opportunities for you to thrive and succeed.
What you’ll be doing…
- Promoting information security policies, procedures and practice to nuclear licensee procurement staff, contractors and third parties to improve information security awareness and performance.
- Assisting in the development and maintenance of information security mitigations that are required to be mandated in supplier contracts.
- Interfacing with our regulator in relation to contract management, incidents impacting suppliers and security assurance of third parties on behalf of our clients.
- Ensuring supply chain security assessments and requirements keep pace with the ever changing cyber threat, the deployment of new technologies that could present new security risks to the nuclear licensees, and relevant best practice.
- Creating trusting relationships with both internal and external stakeholders including regulators (particularly the ONR), BEIS and at times NCSC.
- Delegated authority from the client to make informed decisions.
- Providing bespoke technical specialist matter expert advice to the nuclear licensees and their supply chain partners.
- Clear articulation of security requirements within licensees’ procurement and contractual arrangements.
- Consistent auditing of supplier security arrangements using a graded approach aligned with the risk appetite of the nuclear licensees.
- Capturing risks and tracking all non-conformances or improvement plans to reach expected outcomes.
- Ensuring work is appropriately logged, tracked and reported to the Cyber Security Assurance Manager.
- Providing technical guidance to other nuclear licensees’ procurement functions.
Who you are…
Your background may include some of the following:
- Educated to degree level (or equivalent) or have a comparable level of practical experience.
- Working experience of formal accreditation and risk assessment methodologies, such as ISO27005 or NIST.
- Experience in providing security guidance and undertaking assurance reviews of IT system support functions and procedures in a highly regulated environment.
- Strong documentation writing skills required for the ongoing development of related compliance procedures.
- A recognised security or audit certification is desirable e.g. CISSP, CISA, ISO2700X auditor, ITPC Accreditor, CCP (SIRA/Accreditor/Auditor/ITSO) or similar.
- Good working knowledge of applicable national and international standards and information security frameworks (ISO27001, HMG Security Policy Framework) and NCSC/CPNI security standards and guidance.
- Excellent understanding and practical experience of complex information security challenges, threats and risks.
- Experience of defining, understanding and interpreting contractual security clauses and requirements (preferably in alignment with HMG and/or Civil Nuclear Information Security Standards) in delivery of 3rd party contracts, and assuring compliance with those requirements.
Closing date: 10th March 2024
Join us and together we can help Britain achieve Net Zero.
#EDFNuclearServices #DestinationNuclear #EDFNuclearJobs
Job tags
Salary
£52k per annum
