Job Description

The Cyber Process Manager is responsible for designing, implementing, and continuously improving cyber security processes across Sellafield Ltd to ensure they are efficient, consistent, and aligned with regulatory, operational, and business requirements. The role plays a critical part in embedding structured, repeatable, and auditable practices that underpin the organisation’s compliance, and assurance activities.

Operating within a highly regulated and technically complex environment, the postholder works closely with compliance, assurance, and ICT delivery teams to ensure that cyber processes are integrated into day-to-day operations and support strategic objectives. The role also contributes to audit readiness, regulatory engagement, and the development of a mature, process-driven cyber security function that can adapt to evolving threats and expectations.

Principal Accountabilities

• Lead the design, documentation, and implementation of cyber security processes and workflows.
• Ensure cyber processes align with CAF principles, regulatory requirements (e.g., ONR SyAPs, NISR 2003), and internal governance frameworks.
• Collaborate with cyber risk, compliance, and assurance teams to ensure process integration and consistency.
• Monitor process performance using KPIs and metrics; identify and implement improvements.
• Support internal and external audits by ensuring process documentation and evidence are maintained and accessible.
• Act as a subject matter expert on cyber process management, providing guidance to ICT and business stakeholders.
• Drive process automation and standardisation to improve efficiency and reduce operational risk.
• Maintain a central repository of cyber security process documentation and ensure version control and accessibility.
• Support regulatory engagement with the ONR by ensuring cyber security processes are transparent, well-documented, and demonstrably aligned with regulatory expectations. Provide evidence and process insights during inspections, audits, and formal reviews.
• Support the Head of GRCA and Cyber Risk Team Lead in embedding a culture of process excellence and continuous improvement.

Authorities & Dimensions:

• Budget Responsibility: Contributes to process improvement initiatives within the GRCA budget.
• Matrixed Line Management responsibility.
• Decision-Making Authority: Authority to define and approve cyber process documentation and improvement plans.

Essential Skills

• Strong experience in process design and improvement, ideally within a cyber security or ICT environment.
• Familiarity with process frameworks such as ITIL, COBIT, or ISO 27001.
• Understanding of cyber security principles and regulatory requirements (e.g., CAF, NISR, ONR SyAPs).
• Experience with process mapping tools and techniques (e.g., BPMN, Visio).
• Strong analytical, documentation, and stakeholder engagement skills.
• Degree or equivalent in cyber security, business process management, or a related field.  Relevant certifications (e.g., ITIL, Lean Six Sigma, ISO 27001 Implementer).

Desirable Skills

• Experience in the nuclear or critical national infrastructure (CNI) sector.
• Familiarity with CAF maturity assessments and process audit readiness.
• Experience with process automation tools or platforms (e.g., ServiceNow, Power Automate).
• Knowledge of quality management systems and continuous improvement methodologies.

Additional Information

• Open VN
• Number of Vacancies: 1
• Contact/s: Katie Holmes

ASW’s may have the right to apply for internal Sellafield Ltd vacancies. Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview. Competencies will be issued following successful shortlisting.

Please see link to the competency framework for further information:
https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx

If your technical competency is not in the above framework, please refer to the profession’s share point page for further information.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is Monday 27th July 2026.

Cyber Process Manager

Job number

SP06734

Profession

IT Information Services

Location

Sellafield or Risley

Contract type

Internal Recruitment

Posting date

12 July 2026

Closing date

27 July 2026

Band

3B Lower

Work Schedule

Days