Vacancy Details

Strategy & Policy Team Lead

Job number: SP06435
Profession: IT & Information Services
Location: Sellafield or Risley
Contract type: Permanent contract
Salary: Competitive
Posting date: 12/09/2025
Closing date: 03/10/2025

Blend personal growth and professional development with purposeful work

At Sellafield Ltd, we are harnessing our expertise, bringing together world-class skills and innovative technology to solve complex nuclear, infrastructure, and engineering challenges. By joining Sellafield Ltd, you join an amazing team of people, from all walks of life, where you can thrive in a connected, considerate culture of innovation, collaboration, and community, and play a significant part in the UK’s sustainable nuclear future.

The challenges we face are amongst the most complex anywhere in the world. We are using advanced technologies to shape, create and advance the world’s nuclear decommissioning knowledge and capability. That’s why our work is driven by people with a passion for problem-solving and innovation.


About the role

The Strategy & Policy Team Lead plays a key role in supporting the Deputy CISO by overseeing strategic cyber security initiatives, refining governance processes, fostering cross-functional collaboration, and strengthening communication across the organisation. This role also drives the development of security awareness, education, and culture throughout the business.

Acting as a trusted advisor and liaison, the Team Lead helps align cyber risk management, compliance efforts, and leadership engagement. They contribute to shaping the broader cyber security strategy and enhancing the Cyber Security & Information Assurance team’s long-term capability and resource planning. Additionally, they promote risk awareness and translate strategic security objectives into actionable insights for senior leadership.

A key challenge lies in reviewing existing policies and standards, identifying gaps, and establishing a coherent and forward-looking framework that aligns with regulatory expectations and business needs. This includes building a strong reference model and ensuring consistency across IT and OT environments.

The role requires a deep understanding of cyber security projects across the organisation, particularly within ICT & Digital, to ensure CS&IA is effectively integrated and resourced to support delivery. Operating in a complex and evolving threat landscape, the role must balance strategic oversight with hands-on delivery, ensuring that cyber risk is well understood, communicated, and managed across the enterprise.


Key responsibilities

• Drive continuous improvement of cyber security processes, controls, and metrics to enhance resilience and reduce risk.
• Support the Deputy CISO in shaping and delivering the cyber security strategy, including talent planning and resource coordination.
• Coordinate governance boards and meetings, and prepare executive briefings, board papers, and stakeholder presentations.
• Act as a key liaison with NDA, GICC, and other oversight bodies, managing cross-cutting issues and urgent priorities.
• Develop and maintain cyber security policies, standards, and procedures, ensuring alignment with regulatory and organisational requirements.
• Maintain the cyber risk register and ensure accurate reporting of key metrics, maturity indicators, and dashboards for leadership.
• Lead internal cyber awareness campaigns and training initiatives to embed a strong security culture.
• Enhance governance processes, documentation standards, and operational workflows.
• Promote automation and innovation in compliance and assurance activities to improve efficiency and transparency.
• Directly manage a team of three within the Cyber Security Strategy & Policy function.


Your Skills and Qualifications

• Proven experience in drafting, reviewing, and implementing cyber security policies, procedures, and standards.
• Degree or equivalent professional experience in cyber security, information assurance, risk management, or a related discipline.
• Strong understanding of cyber risk management, including qualitative and quantitative risk assessments and maintenance of risk registers.
• Demonstrated ability to develop and track cyber security metrics, including dashboards and reporting for senior executives and governance forums.
• Familiarity with regulatory and legislative frameworks such as ONR SyAPs, CAF, NIS/NIS2, DPA, and GDPR.
• Experienced in engaging a wide range of stakeholders, including technical teams, business units, and risk, audit, and compliance functions.
• Proficient in data visualisation tools such as Power BI, Excel, and ServiceNow dashboards.
• Experience supporting cyber security awareness and culture change initiatives, including campaigns, briefings, and training delivery.


Skills considered desirable

• Experience in the nuclear, critical national infrastructure, or similarly regulated sectors.
• Knowledge of information security frameworks and standards (e.g., ISO/IEC 27001, ISO 27005, NIST CSF, CAF, NIST SP 800-53, CIS Controls).
• Familiarity with enterprise risk management frameworks and integration of cyber risk into broader business risk processes.
• Understanding of assurance models (1st, 2nd, 3rd line) and their application in cyber security.
• Experience with supplier assurance frameworks and third-party risk management tools.
• Experience working within federated or group structures (e.g., NDA Group) to align assurance practices.
• Awareness of digital transformation and its impact on cyber governance and risk.
• Experience engaging with regulatory bodies such as the ONR or ICO.


Why us?

At Sellafield Ltd, we are committed to supporting our employees in fulfilling their potential. With 100 years of work in front of us, we offer comprehensive training and development opportunities, enabling you to feel inspired in your role. Whatever area you join us in, you’ll find a genuinely exciting and rewarding career.

Making sure our employees feel supported is important to us. Therefore, to help you get the most out of life in and outside of work, we also offer a range of employee benefits:
• You will benefit from an annual bonus of up to 15%, made up of company and personal performance
• An attractive defined contribution pension scheme – the company will match up to 13.5% for a 7% employee contribution!
• 30 days annual leave + bank holidays. Plus, the ability to purchase an extra 2.5 days per year.
• The ability to carry over 10 days annual leave each financial year
• Paid Sick Leave
• Family Friendly Policies – Visit our Rewards & Benefits page to read more
• Cycle to Work Scheme
• Lifestyle Benefits sasra.co.uk
• Learning & Development Opportunities https://careers.sellafieldsite.co.uk/work-with-us/learning-and-development/
• Reward & Recognition Policies
• Welfare & Employee Assistance Programme
• Free Aviva Health App & Annual Health Check
• MyDiscounts – Employee Savings & Discounts
• MyBenefits – A Charity Giving Scheme
• Many, many more! Click this link to visit our Rewards & Benefits page: https://careers.sellafieldsite.co.uk/work-with-us/rewards-and-benefits/

Sellafield Ltd is a unique place to grow your career, offering a remarkable blend of role variety, job security, personal growth, professional development, and truly significant work. This is your opportunity to tackle some of the biggest challenges in the nuclear, infrastructural and engineering worlds and create a clean and safe environment for generations to come. Explore Sellafield Ltd today.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk.

