Job Description

To lead the development and implementation of a strategic approach to cyber security culture, education, and awareness across Sellafield Ltd. The role will be responsible for embedding secure behaviours, reducing human-related cyber risk, and ensuring alignment with regulatory frameworks such as the Cyber Assessment Framework (CAF). This includes owning the strategic direction for cultural transformation, leading capability development, and working collaboratively across Cyber Security, HR, Training, and Communications to deliver enterprise-wide outcomes.

This is a newly established role within Sellafield Ltd’s Cyber Security function, created to address the increasing need for a strategic and coordinated approach to cyber security culture and awareness. The postholder will be instrumental in shaping how the organisation embeds secure behaviours and reduces human-related cyber risk. Operating in a complex and regulated environment, the role requires strong collaboration across multiple functions and the ability to influence cultural change at scale. The capability is in its early stages of maturity, requiring significant development to reach a business-as-usual standard, including the creation of career pathways, training programmes, and a motivated, skilled workforce.

Principal Accountabilities

• Own and deliver the Cyber Security Culture, Education & Awareness Strategy, aligned to CAF Objective B and the broader Cyber Security strategy.
• Lead the development and implementation of a Cyber Security Capability Plan focused on behavioural change, education, and awareness.
• Define and maintain a career pathway and competency framework for the Security Culture, Education & Awareness (SCEA) capability.
• Lead the creation and development of the SCEA capability, including talent pipeline strategy.
• Collaborate with HR, Training, Communications, and Unions to embed cyber awareness into organisational learning and development programmes.
• Undertake capability analysis to assess resourcing needs and support the identification and provision of appropriately skilled resources.
• Manage the rotation and development of resources, supporting enterprise-wide priorities.
• Identify and recommend development opportunities for personnel within the capability, including professional qualifications and external accreditation.
• Lead the development and delivery of cyber awareness campaigns, training packages, and behavioural change initiatives.
• Oversee the evaluation of education and awareness programmes to ensure effectiveness and alignment with business needs.
• Manage relationships with external providers and institutions to support the capability pipeline and training delivery.
• Provide career development advice and support to individuals.
• Ensure accurate and robust records are maintained within HR systems, including SQEP role mapping.
• Support the development of centres of expertise and knowledge management arrangements for CS&IA.
• Represent CS&IA in internal and external forums, promoting best practice and continuous improvement.

Authorities & Dimensions

• Line management of a small team 2 FTE.
• Budget accountability for education, awareness, and training initiatives.
• Strategic planning responsibility.
• Operates with autonomy within the Cyber Security strategy and profession framework.
• Influences senior stakeholders across Cyber Security, HR, and the wider organisation.

Essential Skills

• Proven experience in leading cyber security awareness, education, or behavioural change programmes.
• Strong understanding of cyber security principles, particularly human factors and risk mitigation.
• Excellent communication and stakeholder engagement skills, with the ability to influence at all levels.
• Experience in designing and delivering training and awareness content across varied formats.
• Familiarity with regulatory frameworks such as the NCSC Cyber Assessment Framework (CAF).
• Demonstrable experience of working in complex organisations with diverse stakeholder groups.
• Degree or equivalent experience in Cyber Security, Communications, Education, or a related field.
• Experience in capability development, workforce planning, and strategic resource management.

Desirable Skills

• Professional certifications such as SANS Security Awareness, SSCP, or similar.
• Experience working in or with nuclear or regulated industries.
• Understanding of Sellafield Ltd’s operations and ICT estate.
• Experience engaging with staff representatives and unions on cultural or behavioural initiatives.
• MSc or equivalent qualification in a relevant field.

Additional Information

• Open VN
• Number of Vacancies: 1
• Contact: Peter Fadeyibi

The interview dates for this vacancy are to be confirmed.

ASW’s may have the right to apply for internal Sellafield Ltd vacancies. Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview.

Competencies will be provided if you are invited to interview.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is Monday 13th July 2026.