Title: IT Security Officer The Programme and Project Partners (PPP) model was mobilised in 2019 with the purpose of transforming major project delivery at the Sellafield nuclear site. The partnership brings together KBR, Jacobs, Morgan Sindall Infrastructure, Altrad Babcock and Sellafield Ltd to deliver a 20-year pipeline of major infrastructure projects to support the decommissioning of Sellafield and to create a clean and safe environment for future generations. In delivering its pipeline of large-scale infrastructure projects, PPP is creating opportunities for its people, supply chain, economy and communities. KBR's rapidly growing nuclear team of teams is working at the forefront of the UK's nuclear space on some of the most exciting new-build, defence and decommissioning programmes. KBR was recently named a "Great Place to Work-Certified" company in 2023, an honour that underscores the company's commitment to being a UK employer of choice for people who want to do work that matters. Due to the nature of our work and security requirements, KBR does not offer sponsorship. We can only consider applicants with the right to live and work in the United Kingdom We are an Equal Opportunities employer and strive to build a workforce that truly reflects the communities we represent. We welcome candidates from all backgrounds, regardless of age, disability, gender, gender identity, gender expression, race, religion or belief, sexual orientation, socioeconomic background, and any other protected characteristic. If you decide to apply for an opportunity with us, your application will be assessed based purely on your experience, the essential and desirable criteria, and your suitability for the role. LI-JI1 LI-HYBRID Project: PPP ICT/IM Job Title: IT Security Officer Reports to: PPP ICT Programme Manager Location: Hinton House, Birchwood Park Avenue, Risley, Warrington, Cheshire WA3 6GR United Kingdom with regular travel to Cumbria (2 or 3 times per month) including probable overnight stays. Qualifications, Experience and Skills - Qualifications: Essential: - Qualified at a minimum of degree level in an IT, Cyber Security, or analytical based studies. - Qualification or membership of a professional body in Information Security. - Experience of Cyber Security Standards. - Experience in applying technical information technology and information assurance controls to process mapping and information flows. - Experience of working in a Regulated environment. Desirable: - Project Management experience. Experience and Skills: Essential: - A good understanding of Cyber Security. - A good understanding of Agile Methodologies. - A good understanding of Process Mapping and Information flows. - Appropriate ICT experience including network management. - Ability to interpret business requirements and technical ICT documents into Cyber Security requirements. - Good understanding and knowledge of ICT systems (software, hardware and networks) and applications both legacy and current. - Good communication skills across all levels of the business and able to talk to non-specialists, specialists and senior stakeholders. - Ability to work independently and unsupervised. - Excellent problem solving skills. - Methodical and logical approach. - Self-motivated and can demonstrate high levels of resilience, honesty and integrity. - Knowledge of Civil Nuclear Information security requirements and NCSC good practice. - Understanding and knowledge of the strengths and weakness of modern ICT technology to identify vulnerabilities when assessing information systems architectures and designs. - Knowledge and experience of network and systems management. - Knowledge and use of security and privacy policy (including but not limited to ISO27001, ISO 27005, ISO22301, NISR 2013, NIST 800-53, EU GDPR and DPA 2018) - Knowledge of Cyber Security models and frameworks (NIST PDRR, Mitre ATT&CK, ONR SyAPs). - Knowledge and understanding of analytical modelling (business, security, technology). Desirable: - Knowledge and experience of project management - Knowledge of process mapping and information flows.