Current vacancies

Information Security Officer

Job details

No. of posts: 1
Vacancy Reference Number: OGA004
Grade 7
Salary range: £65,700 per annum plus benefits
Location: Aberdeen or London
Travel to other locations with UK? Yes
Appointment Type Permanent
Appointment Term Full time
Level of Security clearance Basic
Medical required? No

Unless otherwise stated consideration will be given to requests to work on a part time or job share basis. Flexible working hours can also be considered.

Application details

Closing date for applications: 21 Jun 2017

Brief overview of role

The OGA is looking for an experienced professional to drive the continuous improvement in the overall posture of information security across the organisation; applying a balanced approach to appropriate information security risk, control and governance, alongside the on-going operational requirements of the organisation. Information Security is paramount to the OGA. Service, systems and devices will be secure, resilient and compliant will all applicable policies and standards to ensure the confidentiality, integrity and availability of all information and data.

Detailed job description and key responsibilities

Key responsibilities include: 

  • Ensure the proactive approach to the identification, assessment and mitigation of emerging information security risks and business impacts arising from the processing of digital and physical information, and operation of IT services and systems;
  • Investigate the root causes of information security incidents, identifying any ‘lessons learned’ and proposing additional preventive controls and operational improvements to maintain the confidentiality, integrity and availability of the organisations information assets;
  • Develop and maintain an information security framework, with simple policies, processes, standards and guidelines – based on industry standard best practice ISO/IEC 27001/2;
  • Monitor the effectiveness of security policies and practices covering physical, procedural and technical controls
  • Ensure compliance with all applicable legislation and HMG Standards – such as the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679), the Cabinet Office Security and Privacy policy, HMG Security Policy Framework;
  • Maintain a register of legal, statutory, regulatory and contractual obligations (related to information security), raising the awareness and highlighting the implications of changes in applicable legislation;
  • Undertake initiatives to raise awareness of information security issues, policies, guidelines and best practices within the organisation as well as with service partners;
  • Conduct periodic internal and external vulnerability scans and penetration tests across OGA’s IT infrastructure, lead the remediation activities to resolve the highlighted vulnerabilities;
  • Assist with the planning, coordination and delivery of identified projects ensuring that information security requirements are incorporated;
  • Liaise with external service support organisations as required;
  • Adhere to the IS Change Management process communicating all changes that impact the organisation and wider user community, liaising with respective service providers.
  • Provide cyber awareness training to OGA personal.

Priorities and Key Challenges

The immediate priorities for the Information Security Manager are as follows: 

  • Assess the current information security posture across the organisation, identify and prioritise the people, process and technology gaps that must be addressed;
  • Develop and implement a plan to mitigate the prioritised risks, threats and vulnerabilities;
  • Work with the Information Services Leadership team to ensure the full and successful IT separation from BEIS by Q4/2017.

Person specification

  • Competence 1: Delivering at Pace - Able to meet deadlines, prioritise and organise a busy schedule of work; Creative, enthusiastic and committed to the role; Proactive, taking action and anticipating opportunities.
  • Competence 2: Leading and Communicating - Have leadership, communication and motivational skills yet also be a committed team-player in an environment where priorities and goals can quickly change and evolve; Have exceptional inter-personal skills, enabling constructive engagement at all levels; Able to work on own initiative as well as member of a team with an effective focus on delivery.
  • Competence 3: Managing a Quality Service - Able to assess information systems processes and IT services and systems threats, vulnerabilities and risks; Ability to write reports on information security and risk management; Ability to author information security policies, procedures, standards or guidelines.
  • Competence 4: Building Capability for All - Works and communicates effectively and fluently with managers and staff - able to explain complex technical issues in terms that non-technical managers and staff will understand.

Specialist Skills, Qualifications, Experience, Licenses, Memberships or Language

Essential Desirable
• Competent and accredited information security professional (e.g., Certified Information Security Manager (CISM)/ Certified Information Systems Security Professional (CISSP));
• Proven experience of developing and implementing information security framework systems, tools and processes;
• Significant experience in a similar information security / assurance / compliance / risk role;
• HND/Degree qualifications are favourable however professional technical/security accreditations from recognised industry bodies are preferred.
• Computer Hacking Forensics Investigator accredited;
• CREST Cyber Threat Intelligence Manager;
• CESG Certified Cyber Security Consultant;
• Experience of public sector / government regulatory environment;
• Experience of the Oil & Gas industry.

Application Process and Further Information

Unfortunately you do not meet minimum nationality and educational requirements of this position.

To apply please send a covering letter and CV quoting the recruitment reference number and job title to

You should provide examples in your covering letter that best demonstrate your skills and abilities against the competencies and specialist skills. The maximum word count against each competence example is 250 words. The information you provide will be assessed during the short listing stage and if you are invited to attend an interview, the indicated competence areas will discussed further.

When completing your application, you should use the STAR format (Situation, Task, Action and Result) methodology for each competence. All appointments are subject to successful completion of pre-employment checks

For further information please see the Information to Candidates pack (PDF)

Additional information on what you can expect as an Oil and Gas Authority employee

Equality and diversity statement

The OGA is committed to embedding equality and diversity into all our policies and processes. We will aim to recruit, retain and promote staff on the basis of competence and regardless of characteristics including those listed under the Equality Act 2010. These protected characteristics are; age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation