Job Description

The Cyber Assurance Principal Advisor is responsible for leading the delivery of second-line cyber assurance across key domains including IT, OT, technical architecture, and supply chain. The role ensures cyber security controls are effectively assessed, risks are independently evaluated, and assurance activities are aligned with organisational priorities.

They oversee a team of advisors, manage assurance planning and execution, and provide expert guidance on cyber risk and control effectiveness. The postholder acts as a key liaison between assurance, operational teams, and senior stakeholders, ensuring findings are clearly communicated and acted upon. They also support regulatory readiness, contribute to audit activities, and drive continuous improvement in assurance practices. The role requires strong leadership, technical insight, and the ability to influence across a complex and high-risk environment.

The Cyber Assurance Principal Advisor operates in a high-stakes, highly regulated environment where the protection of critical infrastructure and sensitive information is paramount. The role demands a deep understanding of cyber risk across diverse domains (IT, OT, technical architecture, and supply chain) within a complex organisational and technological landscape. With increasing regulatory scrutiny and evolving threat vectors, the postholder must ensure that assurance activities are both rigorous and adaptable to emerging risks.

A key challenge lies in maintaining independence while working collaboratively with first-line teams across ICT, digital, engineering, and supply chain functions. The Principal Advisor must be able to challenge constructively, influence decision-making, and drive improvements without compromising relationships or operational delivery. The role also requires the ability to interpret and apply regulatory expectations, support audit and inspection readiness, and contribute to the organisation’s defensible assurance posture.

Operating under the Cyber Assurance Team Lead, the postholder plays a critical role in shaping assurance strategy, delivering high-quality assessments, and supporting the continuous improvement of cyber maturity. The environment is fast-paced and demands a proactive, analytical, and resilient approach to managing competing priorities and complex assurance challenges.

Principal Accountabilities

• Deliver second-line assurance activities across IT, OT, technical architecture, and supply chain domains.
• Conduct control effectiveness reviews, risk-based assessments, and thematic assurance activities.
• Provide expert input into the development of assurance frameworks, methodologies, and reporting.
• Collaborate with first-line teams and third-line audit to ensure comprehensive assurance coverage.
• Produce assurance reports and dashboards for governance forums and regulatory stakeholders.
• Support regulatory inspections and audits, including evidence collation and response coordination.
• Track and verify remediation of assurance findings and contribute to lessons learned.
• Maintain awareness of emerging threats, technologies, and regulatory expectations to inform assurance planning.
• Lead, mentor, and develop a team of cyber assurance advisors to build capability and consistency.
• Promote a culture of cyber risk awareness and accountability across the organisation.

Authorities & Dimensions

• Budget Responsibility: None (contributes to assurance planning and resource prioritisation).
• Line Management: up to >5 resources.
• Decision-Making Authority: Authority to define assurance scope and report findings to the Cyber Assurance Team Lead.
• Reporting Line: Reports to Cyber Assurance Team Lead.

Essential Skills

• Strong experience in cyber assurance, audit, risk management or control testing within a regulated environment.
• In-depth understanding of cyber security frameworks (e.g., NCSC CAF, ISO 27001, NIST CSF, NIST 800-53).
• Domain-specific knowledge in at least one of: OT, IT, technical architecture, or supply chain security.
• Strong analytical, reporting, and stakeholder engagement skills.
• Degree or equivalent experience in cyber security, engineering, or a related field.
• Relevant certifications (e.g., CISA, CISSP, ISO 27001 Lead Auditor, GIAC, CRISC).

Desirable Skills

• Experience in the nuclear or critical national infrastructure (CNI) sector.
• Familiarity with ONR SyAPs, NISR 2003, and HMG SPF.
• Experience with assurance automation or continuous control monitoring.
• Knowledge of risk-based assurance methodologies and tooling.

Additional Information

• Open VN
• Number of Vacancies: 1
• Contact/s: Nicola Lyons

The interviews for this vacancy are to be confirmed.

ASWs may have the right to apply for internal Sellafield Ltd vacancies. Please note that if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or an equivalent or higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview.

Competencies will be provided if you are invited to interview.

Please see link to the competency framework for further information:
https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx

If your technical competency is not in the above framework, please refer to the profession’s SharePoint page for further information.

Sellafield Ltd is recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants who meet the minimum criteria for a vacancy. Sellafield Ltd defines the minimum criteria as the ‘essential skills’ listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the Disability Confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk.

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is 13th July 2026.

Cyber Assurance Principal Advisor

• Job number: SP06723
• Profession: IT Information Services
• Location: Sellafield or Risley
• Contract type: Internal Recruitment
• Posting date: 28 June 2026
• Closing date: 13 July 2026
• Band: 3B Lower
• Work Schedule: Days