Cyber Security Auditor

**Cyber Security Auditor**

Gloucester Business Park, Gloucester or Atlantic Quay, Glasgow. Hybrid with flexible home and office working supported. Travel required to supplier sites.

**Are you passionate about protecting sensitive information? Do you thrive on assessing risks and ensuring compliance in high-stakes environments? Are you ready to safeguard the future of the UK's nuclear industry?**

**If the answer is yes, this could be the opportunity for you**

**The Opportunity**

We are looking for a **Cyber Security Auditor** to join our Nuclear Services Business at EDF. Nuclear Services is our technical centre of excellence, supporting our existing fleet of nuclear power stations and our nuclear new build projects like Hinkley Point C (HPC).

In your role, you’ll play a vital role in ensuring the security of sensitive nuclear information and critical infrastructure. Working in a collaborative team, you’ll help us maintain compliance with regulatory standards, including ISO27001 and ONR Security Assessment Principles (SyAPs).

You'll be the driving force behind robust supplier assurance processes, performing cyber security audits, and mitigating risks that could impact our organisation and the wider nuclear industry.

Whether you are an experienced Cyber Security Auditor, or someone earlier in their career, we want to hear from you. This is your chance to contribute to one of the most critical sectors in the UK while advancing your career in cyber security and information assurance.

**Pay, benefits and culture**

We can offer a competitive salary from £44,112 - £78,541, and you’ll be appointed based on the parameters outlined in the Nuclear Generation Company Agreement as well as your existing salary, competence, experience and qualifications.

Alongside your salary and our market-leading pension scheme, your package will include a range of benefits, from the big and formal to the small and personal.

We’re talking about everything from **enhanced parental leave**to** electric vehicle leasing, health insurance**to** product discounts, critical illness insurance**to** technology vouchers, gym membership**to** season ticket loans**.

At EDF UK, we embrace flexibility while recognising that everyone's working needs are different. Whether you're in our office spaces, on site, or working remotely, we promote an environment that supports collaboration, connection, and comfort. No matter where you are, our priority is to make sure you feel safe, valued, and celebrated.

Here, we do right by each other and everyone’s welcome. We’re on an action-oriented journey, championing equity, diversity, and inclusion. We’d like our future workforce to have an equal gender balance, represent a broad mix of people from minority ethnic backgrounds, LGBTQ+, those with a disability and supporting social mobility.

We take pride in fostering a dynamic and inclusive environment, where the diverse backgrounds and experiences of our employees drive fresh thinking and innovation. We understand that success means different things to different people. We believe there are multiple definitions of what it means to succeed. That’s why we support you to pursue a career that’s unique to you. Because success is personal.

**What you’ll be doing**

You’ll create reports and dashboards to support decision-making and lead the implementation of automation and tools to improve efficiency. You’ll also investigate, coordinate, and report on findings to address Information Security issues and assist in developing strategies to mitigate risks and maintain accredited systems.

Staying updated on security technologies and threats, you’ll perform audits to identify risks and ensure appropriate mitigations. Additionally, you’ll monitor and inspect systems and networks to provide assurance that controls are in place.

**Who you are**

We are looking for a strong working knowledge of international standards and information security frameworks, including ISO27001, ISO27017, GDPR, and Cyber Essentials Plus. Experience in conducting audits or assurance activities within a regulated sector or environment is essential. Familiarity with the HMG Security Policy Framework, NCSC/CPNI security standards, and guidance is highly desirable, along with an understanding of various information security challenges, threats, and risks.

You should be aware of risk assessment methodologies such as ISO27005, NIST, and IRAM2 and possess strong documentation skills to communicate findings and requirements effectively to non-security audiences. Excellent written and oral communication skills are essential, alongside great tenacity, enthusiasm for problem-solving, and a willingness to learn and develop.

A recognized security or technical certification, such as CISMP, CCNA, Security+, or CEH, is desirable.

Closing Date: 8th January 2025. Applicants will be contacted in January 2025. _Please note that due to the nature of the position National Security Vetting (NSV) Security