Vacancies

21 jobs available

Cyber Assurance Advisor

Closing date: 13/07/2026

Role area IT Information Services
Location Sellafield or Risley
Band 4A

About the role

The Cyber Assurance Advisor I role is responsible for supporting the delivery of second-line cyber assurance across key technology domains, including Operational Technology (OT), Information Technology (IT), Technical Architecture, and Supply Chain. This role focuses on evaluating the effectiveness of cyber security controls, identifying areas of risk management, and ensuring that appropriate mitigation strategies are in place. Working under the direction of the Cyber Assurance Principal Advisor and in collaboration with the Cyber Assurance Team Lead, the postholders contribute to the organisation’s overall cyber resilience by conducting assurance activities, supporting compliance with internal and external requirements, and ensuring that findings are clearly communicated and addressed. Their work helps maintain a strong security posture and supports informed decision-making across the business. The Cyber Assurance Advisor I role operates within a complex and evolving digital environment where cyber threats are increasingly sophisticated and regulatory expectations continue to grow. This role sits within the second line of defence, providing independent oversight and assurance of cyber security controls across diverse domains including IT, OT, technical architecture, and supply chain. The postholders are expected to work collaboratively across business units, often engaging with technical and non-technical stakeholders to gather evidence, assess control effectiveness, and support remediation efforts. A key challenge in this role is maintaining a consistent and risk-based approach to assurance across varied systems and environments, some of which may be legacy or operationally critical. Advisors must be able to interpret technical information, assess compliance against internal standards, and communicate findings in a clear and actionable manner. 
They are also required to stay current with emerging cyber threats, industry best practices, and changes in regulatory landscapes, ensuring that assurance activities remain relevant and effective. The role demands strong analytical skills, attention to detail, and the ability to manage competing priorities in a dynamic setting. Advisors must balance the need for thorough assessment with the practical constraints of operational teams, often requiring negotiation and influence to drive improvements. As part of a growing cyber assurance function, the postholders also contribute to the development and refinement of assurance methodologies, tools, and reporting mechanisms, supporting the organisation’s broader cyber resilience objectives.

Support the planning, coordination, and delivery of cyber assurance activities across IT, OT, technical architecture, and supply chain domains. Conduct cyber control testing, evidence reviews, and contribute to structured assurance assessments to evaluate the effectiveness of security measures. Assist in the development and presentation of assurance reports, dashboards, and metrics for internal stakeholders, enabling informed risk-based decisions. Maintain and update assurance documentation, including assessment records, evidence logs, and action tracking registers. Identify control weaknesses and/or gaps that create or increase risks. Collaborate with ICT, engineering, and supply chain teams to gather evidence, validate control implementation, and support timely remediation of identified issues. Contribute to regulatory and audit readiness by supporting evidence collation, documentation reviews, and preparation activities. Monitor and maintain awareness of emerging cyber threats, regulatory developments, and assurance best practices to inform assurance planning and execution. Support continuous improvement of assurance methodologies, tools, and processes to enhance the effectiveness and efficiency of cyber assurance activities. Participate in knowledge sharing and awareness initiatives to promote a strong cyber risk culture across the organisation. Experience in cyber security, audit, risk management or assurance within a regulated or technical environment. Understanding of cyber security frameworks (e.g., NCSC CAF, ISO 27001, NIST CSF, NIST 800-53). Strong attention to detail and ability to follow structured assurance processes. Good communication and documentation skills. Degree or equivalent in cyber security, engineering, or a related field. Working toward or holding relevant...

Cyber Assurance Principal Advisor

Closing date: 13/07/2026

Role area IT Information Services
Location Sellafield or Risley
Band 3B Lower

About the role

The Cyber Assurance Principal Advisor is responsible for leading the delivery of second-line cyber assurance across key domains including IT, OT, technical architecture, and supply chain. The role ensures cyber security controls are effectively assessed, risks are independently evaluated, and assurance activities are aligned with organisational priorities. They oversee a team of advisors, manage assurance planning and execution, and provide expert guidance on cyber risk and control effectiveness. The postholder acts as a key liaison between assurance, operational teams, and senior stakeholders, ensuring findings are clearly communicated and acted upon. They also support regulatory readiness, contribute to audit activities, and drive continuous improvement in assurance practices. The role requires strong leadership, technical insight, and the ability to influence across a complex and high-risk environment. The Cyber Assurance Principal Advisor operates in a high-stakes, highly regulated environment where the protection of critical infrastructure and sensitive information is paramount. The role demands a deep understanding of cyber risk across diverse domains (IT, OT, technical architecture, and supply chain) within a complex organisational and technological landscape. With increasing regulatory scrutiny and evolving threat vectors, the postholder must ensure that assurance activities are both rigorous and adaptable to emerging risks. A key challenge lies in maintaining independence while working collaboratively with first-line teams across ICT, digital, engineering, and supply chain functions. The Principal Advisor must be able to challenge constructively, influence decision-making, and drive improvements without compromising relationships or operational delivery. The role also requires the ability to interpret and apply regulatory expectations, support audit and inspection readiness, and contribute to the organisation’s defensible assurance posture.
Operating under the Cyber Assurance Team Lead, the postholder plays a critical role in shaping assurance strategy, delivering high-quality assessments, and supporting the continuous improvement of cyber maturity. The environment is fast-paced and demands a proactive, analytical, and resilient approach to managing competing priorities and complex assurance challenges.

Deliver second-line assurance activities across IT, OT, technical architecture, and supply chain domains. Conduct control effectiveness reviews, risk-based assessments, and thematic assurance activities. Provide expert input into the development of assurance frameworks, methodologies, and reporting. Collaborate with first-line teams and third-line audit to ensure comprehensive assurance coverage. Produce assurance reports and dashboards for governance forums and regulatory stakeholders. Support regulatory inspections and audits, including evidence collation and response coordination. Track and verify remediation of assurance findings and contribute to lessons learned. Maintain awareness of emerging threats, technologies, and regulatory expectations to inform assurance planning. Lead, mentor, and develop a team of cyber assurance advisors to build capability and consistency. Promote a culture of cyber risk awareness and accountability across the organisation. Budget Responsibility: None (contributes to assurance planning and resource prioritisation). Line Management: up to >5 resources. Decision-Making Authority: Authority to define assurance scope and report findings to the Cyber Assurance Team Lead. Reporting Line: Reports to Cyber Assurance Team Lead. Strong experience in cyber assurance, audit, risk management or control testing within a regulated environment. In-depth understanding of cyber security frameworks (e.g., NCSC CAF, ISO 27001, NIST CSF, NIST 800-53). Domain-specific knowledge in at least one of: OT, IT, technical architecture, or supply chain security. Strong analytical, reporting, and stakeholder engagement skills. Degree or equivalent experience in cyber security, engineering, or a related field. Relevant certifications (e.g., CISA, CISSP,...

Cyber Incident Management Co-ordinator

Closing date: 13/07/2026

Role area IT Information Services
Location Sellafield or Risley
Band 4B

About the role

To deliver, evolve and implement the Sellafield Ltd approach to managing cyber incidents, including processes, roles and escalation paths across Sellafield Ltd. The role will be responsible for following best practices and incident preparedness throughout the organisation, aligning with regulatory frameworks such as the Cyber Assessment Framework (CAF). This includes working collaboratively across Cyber Security, HR, Finance, Legal and Communication teams to deliver enterprise-wide outcomes.

Deliver the Cyber Incident Management capability across Sellafield Ltd, aligned to CAF Objective D and the broader Cyber Security strategy. Aid in the development and implementation of the Cyber Incident Management Plan (CIMP), focused on a site-wide co-ordinated response. Drive and facilitate the evaluation of Incident preparedness programme to ensure effectiveness and alignment with business needs. Co-ordinate with HR, Training, Communications, Finance and the wider organisation in educating, understanding and rehearsing roles & responsibilities during a cyber incident. Designing and facilitating development programmes to enhance incident preparedness across Sellafield Ltd. Coordinate and enhance post incident reviews for cyber incidents, ensuring continuous improvement. Perform Cyber Incident Exercises (CIE) to various audiences to enhance incident preparedness. Act as an incident commander when an incident arises, bringing the necessary resources together to drive incident resolution. Facilitate and conduct post incident reviews for continuous improvement. Act as an SME within the Incident management and cyber operations consultancy pillar across Sellafield Ltd. Contribute to the enhancement of the CIR capability. Facilitate relationships with external providers and institutions to support the capability pipeline and training delivery. Represent CS&IA in internal forums, promoting best practice and continuous improvement. Operates under the direction of the Incident Response Team Lead. Influences stakeholders across Cyber Security, HR, and the wider organisation. Coordinate the Sellafield Ltd incident management process, working with HR, Communications, Finance and the wider organisation. Experience in cyber incident response...

Security, Culture, Education & Awareness Team Lead

Closing date: 13/07/2026

Role area IT Information Services
Location Sellafield or Risley
Band 4A

About the role

To lead the development and implementation of a strategic approach to cyber security culture, education, and awareness across Sellafield Ltd. The role will be responsible for embedding secure behaviours, reducing human-related cyber risk, and ensuring alignment with regulatory frameworks such as the Cyber Assessment Framework (CAF). This includes owning the strategic direction for cultural transformation, leading capability development, and working collaboratively across Cyber Security, HR, Training, and Communications to deliver enterprise-wide outcomes. This is a newly established role within Sellafield Ltd’s Cyber Security function, created to address the increasing need for a strategic and coordinated approach to cyber security culture and awareness. The postholder will be instrumental in shaping how the organisation embeds secure behaviours and reduces human-related cyber risk. Operating in a complex and regulated environment, the role requires strong collaboration across multiple functions and the ability to influence cultural change at scale. The capability is in its early stages of maturity, requiring significant development to reach a business-as-usual standard, including the creation of career pathways, training programmes, and a motivated, skilled workforce.

Own and deliver the Cyber Security Culture, Education & Awareness Strategy, aligned to CAF Objective B and the broader Cyber Security strategy. Lead the development and implementation of a Cyber Security Capability Plan focused on behavioural change, education, and awareness. Define and maintain a career pathway and competency framework for the Security Culture, Education & Awareness (SCEA) capability. Lead the creation and development of the SCEA capability, including talent pipeline strategy. Collaborate with HR, Training, Communications, and Unions to embed cyber awareness into organisational learning and development programmes. Undertake capability analysis to assess resourcing needs and support the identification and provision of appropriately skilled resources. Manage the rotation and development of resources, supporting enterprise-wide priorities. Identify and recommend development opportunities for personnel within the capability, including professional qualifications and external accreditation. Lead the development and delivery of cyber awareness campaigns, training packages, and behavioural change initiatives. Oversee the evaluation of education and awareness programmes to ensure effectiveness and alignment with business needs. Manage relationships with external providers and institutions to support the capability pipeline and training delivery. Provide career development advice and support to individuals. Ensure accurate and robust records are maintained within HR systems, including SQEP role mapping. Support the development of centres of expertise and knowledge management arrangements for CS&IA. Represent CS&IA in internal and external forums, promoting best practice and continuous improvement. Line management of a small team (2 FTE). ...

Threat Team Lead

Closing date: 13/07/2026

Role area IT Information Services
Location Sellafield or Risley
Band 3B Upper

About the role

To lead the Threat team in delivering proactive threat intelligence, threat hunting, and advanced analysis to identify, assess, and mitigate cyber threats targeting Sellafield Ltd’s critical infrastructure and information assets. The role ensures timely identification of emerging threats, supports incident response, and drives improvements in threat detection capabilities. The Team Lead will manage operational processes, develop team capability, and ensure compliance with regulatory and organisational security standards, contributing to the safe and secure operation of the nuclear site.

Define and maintain the strategic roadmap supporting the Head of Cyber Security Operations for threat intelligence and threat hunting capabilities, ensuring alignment with organisational risk appetite and long-term cyber resilience goals. Lead the development and delivery of threat intelligence and threat hunting capabilities across IT and OT environments. Oversee collection, analysis, and dissemination of actionable threat intelligence to internal stakeholders. Drive proactive threat hunting activities to identify indicators of compromise and adversary techniques. Ensure timely escalation and coordination of threat-related incidents in line with organisational and regulatory requirements. Maintain and improve threat management processes, ensuring alignment with industry best practices and compliance frameworks. Develop and maintain threat dashboards and reporting for senior stakeholders and regulators where appropriate, ensuring KPIs are tracked for threat intelligence and hunting effectiveness, driving measurable improvements in detection and response. Integrate threat intelligence into SOC detection workflows and automation pipelines where appropriate. Collaborate with detection engineers, SOC analysts, and ICT teams to enhance detection coverage and response capabilities. Provide technical leadership, mentoring, and performance management for Threat Analysts. Promote continuous improvement initiatives, including automation and advanced analytics for threat identification. Ensure adherence to data protection, confidentiality, and security standards across all threat-related activities. Authorities & Dimensions: Budget responsibility: £1–3m (within Cyber Security Operations). Direct line management: 5–8 roles (Threat Intelligence Analysts and Threat Hunters). Systems Access: Elevated access to threat intelligence platforms, hunting tools, and analysis systems. Represent Sellafield Ltd...

Radiometric Physics Manager

Closing date: 13/07/2026

Role area Technical
Location Sellafield West Cumbria
Band 3B Lower

About the role

Radiometric Physics Managers lead and manage a team of Radiometric Physicists who apply nuclear physics expertise to support Radiometric Characterisation Services and Nuclear Material Assay operations across the site. The role ensures the delivery of high-quality technical support for both portable and installed assay systems, enabling accurate in-situ measurement and analysis. Managers are accountable for maintaining technical excellence, overseeing the Intelligent Customer function for radiometric physics activities performed by the supply chain, and ensuring alignment with regulatory and operational requirements.

Oversee the delivery of technical packages of work for Radiometric Characterisation Services ensuring radiometric physics principles are applied appropriately and correctly. Ensures consistent application of technical quality management and assurance. Performs checking and approval activities for radiometric physics deliverables. Represent their department/facility at internal and external meetings and forums, as appropriate. Maintain effective relationships with stakeholders, establishing and maintaining links to relevant internal groups and external agencies, e.g. colleagues in operations roles, Centres of Expertise and regulatory bodies. Management of budgets in relation to their area of responsibility. Contribute to the development of procedures, specifications and safety documentation. Supervision and line management of Radiometric Physicists (setting performance goals and standards of behaviour, active management of SQEP/training, ensuring attendance and absences are appropriately managed, conducting regular Check-in conversations and ensuring well-being of team members). Proactive management of team safety issues ensuring all are working in compliance with site health and safety procedures. Ensure adequate consideration of nuclear, conventional, industrial, radiological and environmental safety within technical outputs, by ensuring all work activities are to site standards, policies, processes and procedures. Ensure the team are continually developed through appropriate mentoring and training programmes to deliver best practice radiometric solutions against site requirements. Proactive management of team workload, deploying resources against priority tasks. Authorities & Dimensions: Delivery of a portfolio of radiometric tasks up to £1,000,000 in value. To oversee production of technical deliverables required to support Radiometric Characterisation Services...

Cyber Risk Manager Opportunities

Closing date: 05/07/2026

Role area IT Information Services
Location Sellafield or Risley
Band 4A 3BL

About the role

Cyber Risk Management roles are responsible for embedding effective cyber risk management across Sellafield Ltd. They ensure cyber risks are identified, assessed, and treated in alignment with business objectives and enterprise risk frameworks. These roles drive the development and application of risk methodologies, tools, and reporting to support informed decision-making. The Cyber Risk Manager delivers operational risk assessments, engages with stakeholders, and supports continuous improvement of risk processes. The Senior Cyber Risk Manager provides strategic oversight, leads on complex risk areas, and supports regulatory and executive engagement. Both roles contribute to strengthening cyber resilience, promoting risk awareness, and ensuring cyber risk is managed proactively across the organisation. Job Context and Challenges: Operating within a complex, highly regulated, and security-critical environment, the Cyber Risk Manager and Senior Cyber Risk Manager play a central role in safeguarding the organisation against evolving cyber threats. These roles function across two levels requiring both the delivery of day-to-day risk assessments and the strategic oversight of broader risk domains. The environment demands a careful balance between maintaining regulatory compliance and enabling operational effectiveness. Success in these roles depends on the ability to engage with a wide range of stakeholders, translating technical cyber risks into clear, actionable business terms. Both roles support the Head of Governance, Risk, Compliance & Assurance (GRCA) and the Cyber Risk Team Lead in sustaining a defensible and transparent cyber risk posture. They must also navigate shifting threat landscapes, emerging technologies, and increasing scrutiny from regulators and internal governance bodies, all while embedding a culture of cyber risk awareness across the organisation.

Conduct and support cyber risk assessments across systems, services, and projects. Maintain and update the cyber risk register, ensuring timely escalation of significant risks. Collaborate with ICT, business units, and project teams to embed cyber risk management practices. Support the development and implementation of cyber risk frameworks, tools, and methodologies. Provide expert advice on cyber risk mitigation strategies and treatment plans. Contribute to the development of risk reporting for governance forums and regulatory bodies. Monitor emerging threats and assess their potential impact on the organisation’s risk posture. Promote cyber risk awareness and training across the organisation. Budget Responsibility: Contributes to cyber risk management activities within the GRCA budget. Line Management: Senior role may matrix manage or act as a mentor. Decision-Making Authority: Authority to recommend risk treatment options and escalate risks. Reporting Line: Reports to Cyber Risk Team Lead. Experience in cyber risk management, ideally within a regulated or critical infrastructure environment. Understanding of cyber risk frameworks (e.g., ISO 27005, NIST, FAIR) and the NCSC CAF. Degree or equivalent in cyber security, risk management, or a related field. Relevant certifications (e.g., CRISC, CISSP, ISO 27005 Risk Manager). Experience in the nuclear or CNI sector. Familiarity with ONR SyAPs, NISR 2003, and HMG SPF. Experience with risk quantification or risk tooling platforms. Open VN. Number of Vacancies: 3. Contact: Graeme Mcgibbney. The interview dates for this vacancy are to be...

Case Coach

Closing date: 05/07/2026

Role area People
Location Sellafield West Cumbria
Band 4B

About the role

Provide high quality and timely Case Coaching service to customers to enable line managers to manage formal people cases from creation to resolution and to achieve the most positive outcome possible. This will include support to cases at all levels of complexity escalating as needed to Senior Case Coaching Lead, enabling line managers to manage a case from creation to resolution. The role will ensure legal compliance, process compliance, review of best practice / areas for improvement and coaching of line managers.

Provide professional coaching and guidance to all customers on all aspects of case management in accordance with legislation, organisation policy/process and ACAS best practice, ensuring that where possible risks are mitigated, and any issues are addressed in a timely and efficient manner. Develop and maintain effective relationships and communications with the customer, understanding their needs and goals and delivering service within agreed timelines/SLAs. In cases where an investigation is required, select and appoint a suitable investigator, based on the complexity of the case and the investigator’s level of experience. In cases where a hearing is required, select and appoint a suitable hearing chair based on the complexity of the case. Triage and escalate highly complex and sensitive cases to the ER Team and Senior Case Coach in line with agreed escalation routes. Coach customers on Core People processes, instilling people management best practice in order to drive enhanced line manager behaviours and increased capability. Assist with the development and delivery of training materials and programmes for customers to support line manager capability improvements. Provide support to the less experienced members of the Advice & Case Coaching Team in all aspects of case coaching and guidance by knowledge sharing to support continuous improvements. Build and develop constructive relationships with key stakeholders including Trade Unions, Legal, Occupational Health and Security to support professional delivery of case coaching service to customers. Collect customer feedback and information/data to support the Senior Case Coach to...

Cyber Strategy Manager

Closing date: 13/07/2026

Role area IT Information Services
Location Sellafield or Risley
Band 3B Lower

About the role

As a Cyber Strategy Manager you will lead the development and execution of the organisation’s cyber security strategy, ensuring alignment with national security priorities, regulatory requirements, and operational resilience goals. The Cyber Strategy Manager will drive strategic initiatives that enhance cyber maturity across IT and OT environments, enabling secure digital transformation in a high-consequence nuclear setting.

Develop and maintain a long-term cyber strategy aligned with organisational objectives and national frameworks (e.g., NCSC, ONR, BEIS). Lead strategic planning for cyber risk management, resilience, and capability development. Oversee cyber maturity assessments and drive continuous improvement initiatives. Coordinate cross-functional cyber programmes, including governance, awareness, and innovation. Engage with senior leadership to ensure cyber strategy is embedded in business planning and decision-making. Represent the organisation in external strategic forums, including government and industry working groups. Monitor emerging threats, technologies, and regulatory changes to inform strategic direction. Provide strategic oversight of cyber investment planning, including budget prioritisation and resource allocation. Strategic Leadership: Authority to define and implement the cyber strategy across the organisation. Policy Direction: Influence over cyber policy development and alignment with strategic goals. Budgetary Input: Authority to recommend and prioritise cyber-related investments and resource allocations. Stakeholder Engagement: Acts as the strategic liaison with external bodies (e.g., ONR, NCSC, NDA, DESNZ). Programme Oversight: Leads or sponsors major cyber programmes and initiatives. Scope: Organisation-wide, covering both corporate IT and Operational Technology (OT) environments. Strategic Impact: Direct influence on cyber posture, regulatory compliance, and digital transformation. Team Leadership: May manage a small team of cyber strategists, analysts, or programme leads. Budget Influence: Contributes to multi-million-pound cyber investment planning and prioritisation. Stakeholder Reach: Interfaces with executive leadership, regulators, government departments, and industry partners. Proven experience in cyber strategy, governance, or risk management within a...

Directorate Head of Engineering & Maintenance

Closing today

Role area Engineering & Maintenance
Location Sellafield West Cumbria
Band PCH

About the role

The Directorate Head of Engineering & Maintenance manages the delivery of fit for purpose plant engineering & maintenance programmes within an assigned engineering area to meet the multi-faceted needs of a Directorate’s operation, maintenance and project delivery. The role holder supports the achievement of business targets and ensures the safe operation of the delivery directorate by facilitating the movement of resources across the organisation. The role is responsible for defining the structure, organisation, and resourcing levels of Plant Engineering to effectively deliver engineering activities within their area of responsibility. In addition, the postholder has the authority to determine the applicability of engineering standards within the Delivery Directorate.

Develop and deliver operational plans which enable the assigned engineering area to achieve improvements in availability and reliability to support the achievement of Sellafield objectives. Participate on the Divisional lead team and contribute to the development of engineering and maintenance strategy which supports overall Sellafield goals. Carry overall responsibility for safety, cost and quality standards for Engineering within the Directorate, ensuring compliance with appropriate regulations, standards and policies. Establish, implement and maintain the technical baseline for Delivery Directorate plant assets including the technical basis of maintenance. Ensure the delivery of pragmatic, technically sound and fit for purpose engineering solutions to optimise facility performance. Develop medium and long term workforce plans and take required action to develop appropriate engineering capability to meet engineering objectives. Act within the principles of Engineering Authority for the Delivery Directorate, establishing functional requirements and specifications, and ensuring that the design of engineering systems / equipment meets the needs of the facility. Keep up to date with changes in the external environment which could impact upon workforce needs, taking action as required to mitigate and manage risks to capability of the Directorate. Represent the Directorate to a range of internal and external stakeholders to ensure alignment of activities to enable the effective delivery of engineering objectives. Act as the key point of contact for regulators, ensuring that requests are appropriate and fulfilled in a timely manner, negotiating as required to ensure smooth and successful inspections. Act...
