Vacancy Details

Head of Cyber Security Governance, Risk, Compliance and Assurance

Job number: SP06432
Profession: IT & Information Services
Location: Sellafield or Risley
Contract type: Permanent contract
Salary: Competitive
Posting date: 12/09/2025
Closing date: 03/10/2025

Play a significant part in the UK’s sustainable nuclear future

At Sellafield Ltd, we are harnessing our expertise, bringing together world-class skills and innovative technology to solve complex nuclear, infrastructure and engineering challenges. By joining Sellafield Ltd, you join an amazing team of people, from all walks of life, where you can thrive in a connected, considerate culture of innovation, collaboration and community, and play a significant part in the UK’s sustainable nuclear future.

The challenges we face are amongst the most complex anywhere in the world. We are using advanced technologies to shape, create and advance the world’s nuclear decommissioning knowledge and capability. That’s why our work is driven by people with a passion for problem-solving and innovation.


About the role

We are seeking a Head of GRCA to define and lead the strategic direction of cyber governance, risk management, compliance and assurance across Sellafield Ltd. This is a pivotal leadership role in safeguarding Sellafield Ltd’s digital and operational environments, operating within a highly regulated and complex nuclear sector.

The successful candidate will be responsible for developing and embedding governance frameworks, risk strategies and assurance activities that go beyond regulatory compliance. The role ensures cyber security is integrated into business decision-making and operational delivery. As a senior leader within the business, you will be responsible for shaping Sellafield Ltd’s cyber security posture and ensuring alignment with both organisational priorities and the wider nuclear sector. The Head of GRCA will lead a specialist team and work closely with senior leaders across the Enterprise to ensure cyber risk is effectively managed and communicated.


Key responsibilities

• Act as Process Owner for Cyber Security governance, risk, compliance, and assurance across Sellafield Ltd, ensuring frameworks remain effective, integrated, and aligned with enterprise risk strategy.
• Lead and develop a high-performing GRCA team, fostering a culture of accountability, collaboration, and continuous improvement.
• Provide strategic leadership on cyber governance and assurance across ICT, shaping policy, risk posture, and compliance strategy in line with business and regulatory priorities.
• Oversee the development and delivery of 2nd line assurance capabilities, working with 1st and 3rd line teams to maintain confidence in cyber controls and risk management.
• Drive continuous improvement of cyber security processes, controls, and metrics to enhance resilience, reduce risk, and support secure business operations.
• Ensure cyber security is integrated with physical and personnel security functions to deliver a unified, risk-based approach to security.
• Lead engagement with the Office for Nuclear Regulation (ONR) on GRCA matters, deputising for the CISO as required on other cyber security matters.
• Lead cyber security assurance of third-party suppliers and service providers, including risk assessments, critical supplier identification, and ongoing assurance activities across the supply chain.
• Shape executive decision-making through expert risk reporting, insight, and recommendations, acting as a senior escalation point for complex GRCA issues.
• Champion automation and innovation in compliance and assurance activities to improve efficiency, transparency, and responsiveness.


Your skills and qualifications

• Proven leadership in cyber security governance, risk management, compliance, and assurance within a complex, regulated environment.
• Deep understanding of cyber security frameworks, standards, and regulations (e.g. NISR, ONR SyAPs, HMG SPF, GDPR, DPA 2018).
• Experience in assessing and managing cyber risk across third-party and supply chain ecosystems.
• Ability to influence procurement and commercial processes to embed cyber security requirements.
• Strong strategic thinking and decision-making skills, with the ability to influence at senior levels.
• Experience in leading cross-functional teams and managing through others to deliver outcomes.
• Excellent communication and stakeholder engagement skills, with the ability to translate complex risk and compliance issues into business-relevant language.
• Demonstrated ability to chair governance forums and lead risk-based discussions with senior stakeholders.


Skills considered desirable

• Experience working in or with the nuclear, critical national infrastructure, or similarly regulated sectors.
• Familiarity with enterprise risk management frameworks and integration of cyber risk into broader business risk processes.
• Knowledge of assurance models (1st, 2nd, 3rd line) and their application in cyber security.
• Familiarity with supplier assurance frameworks and third-party risk management tools.
• Experience working in a federated or group structure (e.g. NDA Group) to align supplier assurance practices.
• Understanding of digital transformation and its implications for cyber governance and risk.
• Experience engaging with regulatory bodies such as the ONR or ICO.


Why us?

At Sellafield Ltd, we are committed to supporting our employees in fulfilling their potential. With 100 years of work in front of us, we offer comprehensive training and development opportunities, enabling you to feel inspired in your role. Whatever area you join us in, you’ll find a genuinely exciting and rewarding career.

Making sure our employees feel supported is important to us. Therefore, to help you get the most out of life in and outside of work, we also offer a range of employee benefits:
• You will benefit from an annual bonus of up to 15%, made up of company and personal performance.
• An attractive defined contribution pension scheme – the company will match up to 13.5% for a 7% employee contribution!
• 30 days annual leave + bank holidays. Plus, the ability to purchase an extra 2.5 days per year.
• The ability to carry over 10 days annual leave each financial year.
• Paid Sick Leave.
• Family Friendly Policies – Visit our Rewards & Benefits page to read more.
• Cycle to Work Scheme.
• Lifestyle Benefits sasra.co.uk
• Learning & Development Opportunities https://careers.sellafieldsite.co.uk/work-with-us/learning-and-development/
• Reward & Recognition Policies.
• Welfare & Employee Assistance Programme.
• Free Aviva Health App & Annual Health Check.
• MyDiscounts – Employee Savings & Discounts
• MyBenefits – A Charity Giving Scheme.
• Many, many more! Click this link to visit our Rewards & Benefits page: https://careers.sellafieldsite.co.uk/work-with-us/rewards-and-benefits/

Sellafield Ltd is a unique place to grow your career, offering a remarkable blend of role variety, job security, personal growth, professional development and truly significant work. This is your opportunity to tackle some of the biggest challenges in the nuclear, infrastructure and engineering worlds and create a clean and safe environment for generations to come. Explore Sellafield Ltd today.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk.
