Job Description

The Cyber Assurance Advisor I role is responsible for supporting the delivery of second-line cyber assurance across key technology domains, including Operational Technology (OT), Information Technology (IT), Technical Architecture, and Supply Chain. This role focuses on evaluating the effectiveness of cyber security controls, identifying areas of risk management, and ensuring that appropriate mitigation strategies are in place.

Working under the direction of the Cyber Assurance Principal Advisor and in collaboration with the Cyber Assurance Team Lead, the postholders contribute to the organisation’s overall cyber resilience by conducting assurance activities, supporting compliance with internal and external requirements, and ensuring that findings are clearly communicated and addressed. Their work helps maintain a strong security posture and supports informed decision-making across the business.

The Cyber Assurance Advisor I role operates within a complex and evolving digital environment where cyber threats are increasingly sophisticated and regulatory expectations continue to grow. This role sits within the second line of defence, providing independent oversight and assurance of cyber security controls across diverse domains including IT, OT, technical architecture, and supply chain. The postholders are expected to work collaboratively across business units, often engaging with technical and non-technical stakeholders to gather evidence, assess control effectiveness, and support remediation efforts.

A key challenge in this role is maintaining a consistent and risk-based approach to assurance across varied systems and environments, some of which may be legacy or operationally critical. Advisors must be able to interpret technical information, assess compliance against internal standards, and communicate findings in a clear and actionable manner.
They are also required to stay current with emerging cyber threats, industry best practices, and changes in regulatory landscapes, ensuring that assurance activities remain relevant and effective. The role demands strong analytical skills, attention to detail, and the ability to manage competing priorities in a dynamic setting. Advisors must balance the need for thorough assessment with the practical constraints of operational teams, often requiring negotiation and influence to drive improvements.

As part of a growing cyber assurance function, the postholders also contribute to the development and refinement of assurance methodologies, tools, and reporting mechanisms, supporting the organisation’s broader cyber resilience objectives.

Principal Accountabilities

• Support the planning, coordination, and delivery of cyber assurance activities across IT, OT, technical architecture, and supply chain domains.
• Conduct cyber control testing, evidence reviews, and contribute to structured assurance assessments to evaluate the effectiveness of security measures.
• Assist in the development and presentation of assurance reports, dashboards, and metrics for internal stakeholders, enabling informed risk-based decisions.
• Maintain and update assurance documentation, including assessment records, evidence logs, and action tracking registers.
• Identify control weaknesses and/or gaps that create or increase risks.
• Collaborate with ICT, engineering, and supply chain teams to gather evidence, validate control implementation, and support timely remediation of identified issues.
• Contribute to regulatory and audit readiness by supporting evidence collation, documentation reviews, and preparation activities.
• Monitor and maintain awareness of emerging cyber threats, regulatory developments, and assurance best practices to inform assurance planning and execution.
• Support continuous improvement of assurance methodologies, tools, and processes to enhance the effectiveness and efficiency of cyber assurance activities.
• Participate in knowledge sharing and awareness initiatives to promote a strong cyber risk culture across the organisation.

Essential Skills

• Experience in cyber security, audit, risk management or assurance within a regulated or technical environment.
• Understanding of cyber security frameworks (e.g., NCSC CAF, ISO 27001, NIST CSF, NIST 800-53).
• Strong attention to detail and ability to follow structured assurance processes.
• Good communication and documentation skills.
• Degree or equivalent in cyber security, engineering, or a related field.
• Working toward or holding relevant certifications (e.g., ISO 27001 Auditor, CISA, GIAC).

Desirable Skills

• Experience in the nuclear or critical national infrastructure (CNI) sector.
• Familiarity with ONR SyAPs, NISR 2003, and HMG SPF.
• Experience with assurance tooling or evidence management platforms.

Additional Information

• Open VN
• Number of Vacancies: 2
• Contact/s: Nicola Lyons

The interviews for this vacancy are to be confirmed.

ASWs may have the right to apply for internal Sellafield Ltd vacancies. Please note that if you are an Agency Supplied Worker, you are required to attach evidence of all qualifications obtained to support your application.

We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency-based interview. Competencies will be provided if you are invited to interview.
Please see the link to the competency framework for further information:
https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx

If your technical competency is not in the above framework, please refer to the profession’s SharePoint page for further information.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the Disability Confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk.

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is 13th July 2026.

Cyber Assurance Advisor

Job number: SP06724
Profession: IT Information Services
Location: Sellafield or Risley
Contract type: Internal Recruitment
Posting date: 28 June 2026
Closing date: 13 July 2026
Band: 4A
Work Schedule: Days