Job Description

Cyber Risk Management roles are responsible for embedding effective cyber risk management across Sellafield Ltd. They ensure cyber risks are identified, assessed, and treated in alignment with business objectives and enterprise risk frameworks. These roles drive the development and application of risk methodologies, tools, and reporting to support informed decision-making. The Cyber Risk Manager delivers operational risk assessments, engages with stakeholders, and supports continuous improvement of risk processes. The Senior Cyber Risk Manager provides strategic oversight, leads on complex risk areas, and supports regulatory and executive engagement. Both roles contribute to strengthening cyber resilience, promoting risk awareness, and ensuring cyber risk is managed proactively across the organisation.

Job Context and Challenges

Operating within a complex, highly regulated, and security-critical environment, the Cyber Risk Manager and Senior Cyber Risk Manager play a central role in safeguarding the organisation against evolving cyber threats. These roles function across two levels requiring both the delivery of day-to-day risk assessments and the strategic oversight of broader risk domains. The environment demands a careful balance between maintaining regulatory compliance and enabling operational effectiveness. Success in these roles depends on the ability to engage with a wide range of stakeholders, translating technical cyber risks into clear, actionable business terms. Both roles support the Head of Governance, Risk, Compliance & Assurance (GRCA) and the Cyber Risk Team Lead in sustaining a defensible and transparent cyber risk posture. They must also navigate shifting threat landscapes, emerging technologies, and increasing scrutiny from regulators and internal governance bodies, all while embedding a culture of cyber risk awareness across the organisation.

Principal Accountabilities

• Conduct and support cyber risk assessments across systems, services, and projects.
• Maintain and update the cyber risk register, ensuring timely escalation of significant risks.
• Collaborate with ICT, business units, and project teams to embed cyber risk management practices.
• Support the development and implementation of cyber risk frameworks, tools, and methodologies.
• Provide expert advice on cyber risk mitigation strategies and treatment plans.
• Contribute to the development of risk reporting for governance forums and regulatory bodies.
• Monitor emerging threats and assess their potential impact on the organisation’s risk posture.
• Promote cyber risk awareness and training across the organisation.

Authorities and Dimensions

• Budget Responsibility: Contributes to cyber risk management activities within the GRCA budget.
• Line Management: Senior role may matrix manage or act as a mentor.
• Decision-Making Authority: Authority to recommend risk treatment options and escalate risks.
• Reporting Line: Reports to Cyber Risk Team Lead.

Essential Skills

• Experience in cyber risk management, ideally within a regulated or critical infrastructure environment.
• Understanding of cyber risk frameworks (e.g., ISO 27005, NIST, FAIR) and the NCSC CAF.
• Degree or equivalent in cyber security, risk management, or a related field.
• Relevant certifications (e.g., CRISC, CISSP, ISO 27005 Risk Manager).

Desirable Skills

• Experience in the nuclear or CNI sector.
• Familiarity with ONR SyAPs, NISR 2003, and HMG SPF.
• Experience with risk quantification or risk tooling platforms.

Additional Information

• Open VN
• Number of Vacancies: 3
• Contact: Graeme Mcgibbney

The interview dates for this vacancy are to be confirmed.

ASWs may have the right to apply for internal Sellafield Ltd vacancies. Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

Competencies will be provided if you are invited to interview.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is 5th July 2026.

Cyber Risk Manager Opportunities

• Job number: SP06712
• Profession: IT Information Services
• Location: Sellafield or Risley
• Contract type: Internal Recruitment
• Posting date: 21 June 2026
• Closing date: 5 July 2026
• Band: 4A 3BL
• Work Schedule: Days