Job Description

As a Cyber Strategy Manager you will lead the development and execution of the organisation’s cyber security strategy, ensuring alignment with national security priorities, regulatory requirements, and operational resilience goals. The Cyber Strategy Manager will drive strategic initiatives that enhance cyber maturity across IT and OT environments, enabling secure digital transformation in a high-consequence nuclear setting.

Principal Accountabilities

• Develop and maintain a long-term cyber strategy aligned with organisational objectives and national frameworks (e.g., NCSC, ONR, BEIS).
• Lead strategic planning for cyber risk management, resilience, and capability development.
• Oversee cyber maturity assessments and drive continuous improvement initiatives.
• Coordinate cross-functional cyber programmes, including governance, awareness, and innovation.
• Engage with senior leadership to ensure cyber strategy is embedded in business planning and decision-making.
• Represent the organisation in external strategic forums, including government and industry working groups.
• Monitor emerging threats, technologies, and regulatory changes to inform strategic direction.
• Provide strategic oversight of cyber investment planning, including budget prioritisation and resource allocation.

Knowledge & Experience

• Strategic Leadership: Authority to define and implement the cyber strategy across the organisation.
• Policy Direction: Influence over cyber policy development and alignment with strategic goals.
• Budgetary Input: Authority to recommend and prioritise cyber-related investments and resource allocations.
• Stakeholder Engagement: Acts as the strategic liaison with external bodies (e.g., ONR, NCSC, NDA, DESNZ).
• Programme Oversight: Leads or sponsors major cyber programmes and initiatives.
• Scope: Organisation-wide, covering both corporate IT and Operational Technology (OT) environments.
• Strategic Impact: Direct influence on cyber posture, regulatory compliance, and digital transformation.
• Team Leadership: May manage a small team of cyber strategists, analysts, or programme leads.
• Budget Influence: Contributes to multi-million-pound cyber investment planning and prioritisation.
• Stakeholder Reach: Interfaces with executive leadership, regulators, government departments, and industry partners.

Essential Skills

• Proven experience in cyber strategy, governance, or risk management within a regulated or high-consequence environment.
• Strong understanding of cyber security frameworks (e.g., NIST CSF, ISO 27001, CAF).
• Demonstrable experience in leading cross-functional cyber initiatives or programmes.
• Excellent communication and stakeholder engagement skills, including experience working with senior leadership.
• Familiarity with UK cyber regulations and guidance (e.g., NIS Regulations, ONR Cyber Security Guidance, NCSC principles).
• Ability to translate complex technical and regulatory requirements into strategic direction.
• Eligible for SC or DV security clearance.

Desirable Skills

• Experience in the nuclear sector or other Critical National Infrastructure (CNI) domains.
• Knowledge of Operational Technology (OT) and Industrial Control Systems (ICS) cyber risks.
• Experience engaging with UK regulators (e.g., ONR, NCSC, DESNZ).
• Relevant certifications such as CISSP, CISM, SABSA, or ISO 27001 Lead Implementer.
• Experience in cyber investment planning or business case development.
• Familiarity with enterprise architecture or digital transformation programmes.

Additional Information

• Open VN
• Number of Vacancies: 1
• Contact/s: Jonathan Dykes

The interviews for this vacancy are to be confirmed.

ASW’s may have the right to apply for internal Sellafield Ltd vacancies. Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview.

Competencies will be provided if you are invited to interview.

Please see link to the competency framework for further information:
https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx

If your technical competency is not in the above framework, please refer to the profession’s share point page for further information.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is Monday 13th July 2026.

What we’re proud of:

This newly established role sits at the core of Sellafield Ltd’s cyber security transformation, within a sector designated as Critical National Infrastructure (CNI). The organisation operates under stringent regulatory oversight from bodies such as the Office for Nuclear Regulation (ONR) and aligns with the Civil Nuclear Cyber Security Strategy. The Cyber Strategy Manager is responsible for shaping and aligning the organisation’s cyber strategy to meet both operational and regulatory demands, while enabling secure digital transformation. The role must address the complexities of integrating cyber resilience into legacy systems and OT environments, respond to increasingly sophisticated threats, and drive cultural change across technical and non-technical teams. Operating in a safety-first culture, the postholder must balance strategic ambition with resource constraints and navigate continuous external scrutiny from regulators and government stakeholders.