Job Description

As a Cyber Policy Advisor, you will play a key role in shaping and implementing cyber security and resilience policies across Sellafield Ltd decommissioning estate. You will work closely with internal teams, government departments, regulators, and industry stakeholders to identify cyber risks and develop strategic responses.

Principal Accountabilities

• Develop and maintain cyber security and information assurance policies aligned with national standards (e.g., NCSC, NIS Regulations, ONR guidance).
• Provide expert policy advice to IT, cyber operations, and senior leadership teams.
• Monitor regulatory changes and emerging threats to ensure policy relevance and compliance.
• Collaborate with internal stakeholders (e.g., IT, Legal, Risk, Operations) and external partners (e.g., ONR, NCSC, DESNZ).
• Support audits, inspections, and assurance activities related to cyber governance.
• Lead or contribute to cyber incident response planning and policy updates.

Authorities & Dimensions

• Policy Ownership: Authority to draft, approve, and enforce cyber security policies across IT and OT environments.
• Advisory Influence: Trusted advisor to senior management, with authority to escalate cyber risks and recommend strategic actions.
• Regulatory Liaison: Acts as the point of contact for cyber policy matters with external regulators (e.g., ONR, NCSC, DESNZ).
• Governance Leadership: Chairs or contributes to internal cyber governance boards and working groups.
• Scope: Organisation-wide, covering both corporate IT systems and operational technology (OT) environments.
• Stakeholder Reach: Interfaces with internal teams (IT, Risk, Legal, Operations) and external bodies (government, regulators, industry partners).
• Impact: Direct influence on the organization’s cyber resilience posture, regulatory compliance, and reputation.
• Budgetary Influence: May contribute to budget planning for cyber policy initiatives, training, and tooling.
• Team Collaboration: Works closely with cyber operations, information assurance, and digital transformation teams.

Essential Skills

• Strong understanding of cyber security frameworks (e.g., ISO 27001, NIST, CAF).
• Experience in policy development, risk management, or cyber governance.
• Familiarity with UK regulatory landscape for critical national infrastructure (CNI), especially in the nuclear sector.
• Excellent written and verbal communication skills, with the ability to translate technical concepts into policy language.
• Proven ability to work with multidisciplinary teams and external regulators.

Desirable Skills

• Experience working in or with the nuclear industry or other high-hazard sectors.
• Knowledge of Operational Technology (OT) and Industrial Control Systems (ICS) cyber risks.
• Understanding of the Civil Nuclear Cyber Security Strategy and associated guidance.
• Relevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Auditor).

Additional Information

• Open VN
• Number of Vacancies: 2
• Contact/s: Jonathan Dykes

The interviews for this vacancy are to be confirmed.

ASW’s may have the right to apply for internal Sellafield Ltd vacancies. Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview.

Competencies will be provided if you are invited to interview.

Please see link to the competency framework for further information:
https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx

If your technical competency is not in the above framework, please refer to the profession’s share point page for further information.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is 5th July 2026.