Cyber Risk Management roles are responsible for embedding effective cyber risk management across Sellafield Ltd. They ensure cyber risks are identified, assessed, and treated in alignment with business objectives and enterprise risk frameworks. These roles drive the development and application of risk methodologies, tools, and reporting to support informed decision-making. The Cyber Risk Manager delivers operational risk assessments, engages with stakeholders, and supports continuous improvement of risk processes. The Senior Cyber Risk Manager provides strategic oversight, leads on complex risk areas, and supports regulatory and executive engagement. Both roles contribute to strengthening cyber resilience, promoting risk awareness, and ensuring cyber risk is managed proactively across the organisation. Job Context and Challenges Operating within a complex, highly regulated, and security-critical environment, the Cyber Risk Manager and Senior Cyber Risk Manager play a central role in safeguarding the organisation against evolving cyber threats. These roles function across two levels requiring both the delivery of day-to-day risk assessments and the strategic oversight of broader risk domains. The environment demands a careful balance between maintaining regulatory compliance and enabling operational effectiveness. Success in these roles depends on the ability to engage with a wide range of stakeholders, translating technical cyber risks into clear, actionable business terms. Both roles support the Head of Governance, Risk, Compliance & Assurance (GRCA) and the Cyber Risk Team Lead in sustaining a defensible and transparent cyber risk posture. They must also navigate shifting threat landscapes, emerging technologies, and increasing scrutiny from regulators and internal governance bodies, all while embedding a culture of cyber risk awareness across the organisation.
Conduct and support cyber risk assessments across systems, services, and projects. Maintain and update the cyber risk register, ensuring timely escalation of significant risks. Collaborate with ICT, business units, and project teams to embed cyber risk management practices. Support the development and implementation of cyber risk frameworks, tools, and methodologies. Provide expert advice on cyber risk mitigation strategies and treatment plans. Contribute to the development of risk reporting for governance forums and regulatory bodies. Monitor emerging threats and assess their potential impact on the organisation’s risk posture. Promote cyber risk awareness and training across the organisation. Budget Responsibility: Contributes to cyber risk management activities within the GRCA budget. Line Management: Senior role may matrix manage or act as a mentor. Decision-Making Authority: Authority to recommend risk treatment options and escalate risks. Reporting Line: Reports to Cyber Risk Team Lead. Experience in cyber risk management, ideally within a regulated or critical infrastructure environment. Understanding of cyber risk frameworks (e.g., ISO 27005, NIST, FAIR) and the NCSC CAF. Degree or equivalent in cyber security, risk management, or a related field. Relevant certifications (e.g., CRISC, CISSP, ISO 27005 Risk Manager). Experience in the nuclear or CNI sector. Familiarity with ONR SyAPs, NISR 2003, and HMG SPF. Experience with risk quantification or risk tooling platforms. Open VN Number of Vacancies: 3 Contact: Graeme Mcgibbney The interview dates for this vacancy are to be...
Provide high quality and timely Case Coaching service to customers to enable line managers to manage formal people cases from creation to resolution and to achieve the most positive outcome possible. This will include support to cases at all levels of complexity escalating as needed to Senior Case Coaching Lead, enabling line managers to manage a case from creation to resolution. The role will ensure legal compliance, process compliance, review of best practice / areas for improvement and coaching of line managers.
Provide professional coaching and guidance to all customers on all aspects of case management in accordance with legislation, organisation policy/process and ACAS best practice, ensuring that where possible risks are mitigated, and any issues are addressed in a timely and efficient manner. Develop and maintain effective relationships and communications with the customer, understanding their needs and goals and delivering service within agreed timelines/SLAs. In cases where an investigation is required, select and appoint a suitable investigator, based on the complexity of the case and the investigator’s level of experience. In cases where a hearing is required, select and appoint a suitable hearing chair based on the complexity of the case. Triage and escalate highly complex and sensitive cases to the ER Team and Senior Case Coach in line with agreed escalation routes. Coach customers on Core People processes, instilling people management best practice in order to drive enhanced line manager behaviours and increased capability. Assist with the development and delivery of training materials and programmes for customers to support line manager capability improvements. Provide support to the less experienced members of the Advice & Case Coaching Team in all aspects of case coaching and guidance by knowledge sharing to support continuous improvements. Build and develop constructive relationships with key stakeholders including Trade Unions, Legal, Occupational Health and Security to support professional delivery of case coaching service to customers. Collect customer feedback and information/data to support the Senior Case Coach to...
To work within the Leadership and Talent Centre of Expertise to provide advice, coaching and facilitation support to leaders and leadership teams across Sellafield to enable the embedding of the Leadership Academy programmes, Leadership Standard Behaviours and Leadership tools. This is a 12 month opportunity, open to applications from those graded 4B - 4A.
Embed strategy into the business by supporting leaders to develop an embedding plan for their teams focusing on improving individual leadership behaviour and team performance. Providing appropriate advice, guidance and support to ensure leaders embed the leadership standard and key leadership frameworks into their business areas. Coach leaders to develop behaviours in alignment with the Leadership Standard and Manifesto to drive greater consistency and support enhanced leadership capability Design and facilitate high performing team interventions to support the improvement in team capability and performance Administer psychometrics/ diagnostics as appropriate with individuals and teams to identify development gaps and appropriate learning interventions Work in conjunction with L&D suppliers and Head of High-Performance Leadership to design and develop appropriate and cost-effective L&D solutions as part of the Academy offering in line with identified business needs Facilitate action learning groups as part of the and embed a culture of action learning more widely in the business Support the implementation and on-going delivery of a 360-assessment tool as part of the LEAD programme Provide 360 feedback/ support as required Review and analyse feedback data from Academy programmes to be able to make recommendations for continuous improvement Graduate with considerable experience OR part professional qualification with substantial experience. The above stated requirements demonstrate the Company’s commitment to provide opportunities for candidates to further develop professional expertise. It is recognised however, that some internal candidates may not currently hold all the above qualifications and in...
The HAL Inspections & Characterisation Team are responsible for the deployment of inspection and radiometric characterisation equipment within “Dark Cells” within both HALES and HLWP. This vacancy will provide a successful candidate with the opportunity to work alongside a variety of stakeholders in delivering vital inspection and characterisation work to underpin the continued operation of both plants and support the efficient wash out of vessels as part of Post Operation Clean Out (POCO). The position is a mixture of desk-based work - creating work packs, generating PMPs, planning work, and reviewing/updating inspection and characterisation strategies - alongside plant-based work, including equipment deployment and supervising contractors at the work face. In this role, the successful candidate will be exposed to a wide array of inspection and characterisation technologies, as well as novel techniques utilised to deploy the equipment into the HA cells, as required.
Initially supporting CCTV inspections, with a view to later supervising inspections. Setting up and leading of stakeholder meetings to facilitate inspection tasks. Creation of SSOW (Safe Systems of Work) work packs, including instruction writing. Assisting with PMPs for the delivery of inspection and characterisation work. Deployment of Radiometric Characterisation Equipment within C3 Areas. Prompt reaction to inspection requests from Plant Engineering. Deputise for the inspections lead where required. Attend regular meetings to coordinate work with IWM and stakeholders. Strategic work, supporting the review of the inspection programme and researching potential applications for new technologies and deployment techniques. This would be an excellent development opportunity for someone who wishes to develop their skills as or work towards their POW SQEP. The role will also provide plenty of opportunity to work on and develop their understanding of HALES and HLWP, gaining plenty of plant-based experience. Strong team working skills. Strong communication skills. Demonstrable Problem-Solving Skills. Able to work in a changing environment. Strong planning skills. Able to work with a wide range of stakeholders (both internal and external to SL). Experience of working in a plant facing role. C2/R2 SQEP’d. C3 SQEP’d. Enclosed suit SQEP’d. SQEP’d or working towards POW. Experience of SSOW creation. Open VN Number of Vacancies: 2 Contact/s: Alexander Cuthell & Declan Conley The interviews for this vacancy are expected to be 15th & 16th...
As a Cyber Policy Advisor, you will play a key role in shaping and implementing cyber security and resilience policies across Sellafield Ltd decommissioning estate. You will work closely with internal teams, government departments, regulators, and industry stakeholders to identify cyber risks and develop strategic responses.
Develop and maintain cyber security and information assurance policies aligned with national standards (e.g., NCSC, NIS Regulations, ONR guidance). Provide expert policy advice to IT, cyber operations, and senior leadership teams. Monitor regulatory changes and emerging threats to ensure policy relevance and compliance. Collaborate with internal stakeholders (e.g., IT, Legal, Risk, Operations) and external partners (e.g., ONR, NCSC, DESNZ). Support audits, inspections, and assurance activities related to cyber governance. Lead or contribute to cyber incident response planning and policy updates. Policy Ownership: Authority to draft, approve, and enforce cyber security policies across IT and OT environments. Advisory Influence: Trusted advisor to senior management, with authority to escalate cyber risks and recommend strategic actions. Regulatory Liaison: Acts as the point of contact for cyber policy matters with external regulators (e.g., ONR, NCSC, DESNZ). Governance Leadership: Chairs or contributes to internal cyber governance boards and working groups. Scope: Organisation-wide, covering both corporate IT systems and operational technology (OT) environments. Stakeholder Reach: Interfaces with internal teams (IT, Risk, Legal, Operations) and external bodies (government, regulators, industry partners). Impact: Direct influence on the organization’s cyber resilience posture, regulatory compliance, and reputation. Budgetary Influence: May contribute to budget planning for cyber policy initiatives, training, and tooling. Team Collaboration: Works closely with cyber operations, information assurance, and digital transformation teams. Strong understanding of cyber security frameworks (e.g., ISO 27001, NIST, CAF). Experience in policy development, risk management, or cyber...
All applicants will be required to meet the following criteria: Fully Accomplished/Competent. At least 1 year out of Apprenticeship/1 year with SL. My Contribution performance to be a minimum of ‘Meet Expectations’. Achieved Nomination. Completed GET Training. SQEP Role/Mentor Guide- SP30001/MG0403. If the application has met the pre-requisites – applicants will be invited to undertake an informal discussion and sent a copy of the Guidance Document. If the application has not met the pre-requisites – applicants will be notified why they have not been selected for the next steps and details of these applicants will be shared with Unite. NOTE: The GET Training is the company Site Wide Qualifications that all employees must complete. This includes: Working Safely (S02241). Fire Safety eLearning (EL0026). Environmental Waste Management (EL0044). Nuclear Safety Culture (EL0106). Environmental Awareness at Sellafield (EL0160). Cyber Security and Information Assurance (EL0163). Data Protection (EL0192) Equality and Diversity (EL0198).
Open VN Number of Vacancies: 1 Contact/s: Debbie Eilbeck Please see link to the competency framework for further information: https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk Please ensure that you save a copy of this advert for future reference if you make an application for this role. The closing date for this vacancy is Sunday 19th July 2026.
Responsible for establishing and delivering a robust second-line cyber assurance capability across Sellafield Ltd. The role ensures that cyber security controls, processes, and systems are independently assessed for effectiveness, compliance, and alignment with regulatory expectations and business risk appetite. Operating within a highly regulated and safety-critical environment, the postholder supports the Head of GRCA and the wider cyber security function by providing meaningful insight into the organisation’s cyber resilience and driving continuous improvement. The Team Lead works closely with risk and compliance leads, ICT delivery teams, and internal/external audit functions to ensure assurance is embedded, risk-informed, and proportionate. The role also supports regulatory engagement and contributes to maintaining confidence in Sellafield Ltd’s cyber security posture.
Lead the development and execution of a risk-based cyber assurance strategy and annual plan, ensuring alignment with organisational objectives and regulatory expectations. Oversee the delivery of second-line assurance activities, including control effectiveness testing, process evaluations, and thematic reviews across IT, OT, technical architecture, and supply chain domains. Provide independent, expert assurance on the adequacy and effectiveness of cyber security controls, risk mitigations, and governance arrangements. Take ownership to proactively identify, assess, and escalate risks that could impact safety, compliance, and/or project delivery. Ensure timely communication of potential risks to relevant stakeholders and contribute to mitigation planning. Coordinate with first-line ICT, engineering, and supply chain teams, as well as third-line audit, to ensure assurance coverage is integrated, efficient, and comprehensive. Produce high-quality assurance reports, dashboards, and insights for senior leadership, governance forums, and regulatory stakeholders. Support the Head of GRCA in managing regulatory engagement, including preparation for inspections, audits, and the provision of defensible assurance evidence. Monitor, track, and verify the remediation of assurance findings, ensuring timely closure and embedding of lessons learned. Maintain up-to-date knowledge of emerging cyber threats, regulatory developments, and assurance best practices to inform planning and continuous improvement. Champion a culture of cyber accountability, transparency, and maturity through effective stakeholder engagement and assurance-led insights. Mentor and develop cyber assurance advisors, fostering capability growth and consistency in assurance delivery. Budget Responsibility: Contributes to the management of assurance activities within the GRCA budget. Line Management:...
To support the Deputy CISO and wider Cyber Security and Information Assurance team in delivering strategic cyber security transformation through the development and implementation of cyber policies, security culture education and awareness initiatives, establishing cyber security profession standards, and ensuring cyber projects align with Sellafield Ltd strategy and statutory requirements (including those outside ONR regulation such as GDPR). Job Context and Challenges The Security Consultant plays a pivotal role in driving cyber security and information assurance transformation in an evolving, complex, and highly regulated environment. Operating at the intersection of cyber strategy, risk management, and organisational delivery, this role provides expert guidance across a complex and evolving digital landscape. It demands proactive engagement with diverse stakeholders, navigating regulatory pressures, emerging technologies, and operational priorities to ensure cyber resilience is embedded across the business. The role requires agility, influence, and a solutions-focused mindset to address high-profile challenges and drive alignment with Sellafield Ltd.’s strategic objectives.
Act as an internal cyber advisor, ensuring projects and initiatives align with cyber strategy and organisational objectives. Provide leadership and coordination in resolving complex or high-profile cyber security issues, facilitating stakeholder engagement and driving effective solutions to remove barriers and ensure progress. Serve as a key point of contact for colleagues across the organisation seeking guidance on cyber security matters, providing expert advice, clarifying the organisation’s cyber posture, and facilitating engagement with appropriate teams or resources. Support the development, implementation, and maintenance of cyber security policies, standards, and procedures. Provide oversight across project portfolios, checking that planned activity is on track and highlighting risks or misalignment. Conduct horizon scanning for new technologies, regulatory changes, technology and emerging threats (e.g. AI, compliance shifts), briefing leadership on potential impacts. Support assurance assignments to evidence compliance and alignment with the Sellafield Ltd cyber strategy and regulatory obligations. Participate in the establishment and development of a cyber profession within Sellafield Ltd, collaborating with HR, Learning & Development and other relevant functions. Monitor cyber security trends, threats, and emerging risks to inform decision-making and prioritisation. Engage with projects and business functions to ensure cyber requirements are understood and embedded within delivery approaches. Support the Deputy CISO with senior level incident management activities where required. Demonstrable experience in cyber security and information assurance within a large, complex environment. Good understanding of cyber security frameworks, risk management, and assurance practices. Familiarity with regulatory...
Deliver expert engineering, optimisation and lifecycle management of SOC platforms, ensuring high availability, security and scalability to enable robust, proactive threat detection and response in alignment with business and regulatory requirements. Job Context and Challenges The role operates within a large, complex, and highly regulated hybrid estate, requiring rapid adaptation to evolving threats, new technologies, and business requirements. This role must balance deep technical delivery with standards governance, complex stakeholder management, and the ongoing professional development of less experienced team members. The role tackles sophisticated engineering challenges requiring critical thinking and innovative problem-solving for high resilience, performant, and cost-effective SOC delivery.
Engineer, optimise, and maintain SOC platforms (e.g., SIEM/SOAR such as Microsoft Sentinel, Defender suite, Log Analytics) to maximise security operations effectiveness. Onboard, validate, and document new log sources in line with operational detection requirements. Deploy, configure, and monitor platform agents and sensors across on-prem, cloud, and hybrid environments. Implement and tune analytics rules, detection logic and KQL queries, collaborating with threat detection and response teams. Develop, maintain, and improve automation workflows (e.g., SOAR playbooks, Logic Apps, scripts) to streamline detection and response. Produce and review reports on platform health, coverage gaps, and ingestion volumes to inform operational improvements and cost optimisation. Provide guidance and mentorship to SOC engineering colleagues and contribute to skills development across the team. Collaborate with ICT and business stakeholders to prioritise engineering work based on risk/business value. Ensure robust documentation, adherence to standards, and maintenance of secure engineering practices in line with frameworks such as NCSC CAF, MITRE ATT&CK, and NIST CSF. Monitor and manage performance and cost of cloud native security services (e.g., Azure security tooling), supporting optimisation efforts. Lead telemetry engineering, including designing parsers, data schemas, onboarding runbooks, retention and normalisation to support detection and forensics. Participate in incident response activities as the technical SME on SOC engineering and tooling. No direct budget authority but responsible for influencing spend optimisation on managed platforms. May deputise for SOC Engineering Team Lead as required. No direct line management, but mentor/technical lead...
Deliver specialist quantitative risk analysis and modelling services to support informed, risk-based decision-making across Sellafield’s complex programmes and projects. This job ensures the effective implementation of the Sellafield Risk Management Framework by providing integrated cost and schedule risk analysis, enabling the organisation to achieve its objectives safely, efficiently, and with confidence. They also build organisational capability through training and support. Job Context & Challenges: 1. Operating Environment: The job operates within one of the most complex and highly regulated industrial environments in the UK. Sellafield’s projects are often industry firsts, requiring innovative approaches to risk management and modelling. The work is safety-critical, with significant implications for cost, schedule, and regulatory compliance. 2. Technical Complexity: The job demands deep technical expertise in quantitative risk analysis and modelling software (Safran Risk, Primavera Risk Analysis) and their integration with Primavera P6. It also requires a strong understanding of project controls disciplines, planning, estimating, and cost control, to ensure risk models accurately reflect project realities. 3. Cross-Disciplinary Knowledge: Successful delivery requires collaboration across multiple functions, including engineering, project management, commercial, and safety. The ability to interpret and challenge inputs from these disciplines is essential. 4. Peer Review Responsibility: The job includes peer reviewing risk models for programmes and major projects, which requires significant judgment, technical depth, and the ability to assure compliance with governance standards. 5. Deadlines and working through ambiguity: Challenges include tight deadlines, evolving project scopes, and the need to provide robust risk analysis under conditions of uncertainty. The job holder must balance technical accuracy with clarity and usability of outputs for decision-makers.
1. Deliver integrated cost and schedule quantitative risk analysis models using specialist tools (Safran Risk, Primavera Risk Analysis) to provide accurate risk forecasts that inform decision-making across Programmes and Major Projects. 2. Peer Review and assure risk models of the highest complexity for Programmes and Major Projects to confirm compliance with governance standards, validate assumptions, and ensure outputs are robust and credible. 3. Validate and assure input data quality for risk models, including cost, schedule, and logic integrity, to guarantee fitness for purpose. 4. Produce clear, actionable risk analysis outputs and reports that enable stakeholders to understand risk exposure and make informed strategic and operational decisions. 5. Act as a subject matter expert for quantitative risk analysis and modelling software, providing technical guidance on Safran Risk, Primavera Risk Analysis, and their integration with Primavera P6. 6. Coach, mentor, and train colleagues and stakeholders in risk modelling principles, tools, and best practices to build capability across the organisation. 7. Provide expert challenge and assurance on risk modelling activities across projects and programmes to maintain integrity and compliance with governance requirements. 8. Lead and contribute to community of practice forums to share knowledge, promote continuous improvement, and embed best practices in quantitative risk analysis. 9. Line manage up to 3 employees (TRM only). Authorities: Authority to peer review and sign off integrated cost and schedule risk analysis models for the highest complexity and value projects/programmes, ensuring compliance with governance and quality standards. Authority to recommend improvements to risk modelling processes...
Fill in the form that pops out with your email address and desired contact frequency then click the 'Subscribe' button on the form.
You will have the choice to opt out of the alert in the email confirmation.
