This job has expired

Chief Information Security Officer (Operations)

Employer
Hays.
Location
United Kingdom, Cumbria
Salary
Competitive
Closing date
7 Sep 2022


About Sellafield Ltd


Sellafield Ltd is one of the most complex nuclear sites in the world. Our evolution spans the history of the UK's nuclear industry. Incorporating one of the UK's leading portfolios of critical infrastructure projects, sitting alongside HS2, Crossrail, Tideway and Heathrow, Sellafield Ltd is responsible for the safe and secure operation and clean-up of the Sellafield nuclear site.

A wholly owned subsidiary of the Nuclear Decommissioning Authority (NDA), we are transforming the business into a sustainable operation for the future that focuses on environmental remediation. Delivering major projects is at the heart of Sellafield's operations. The Sellafield site is one of the biggest construction sites in Europe, with an annual spend on construction projects of £500-600m per year.

Job Description

The purpose of the role is to develop, implement and monitor a comprehensive enterprise information security and risk management programme, in line with strategic input, to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the business. The programme is based on Office for Nuclear Regulation requirements (Nuclear Industries Security Regulations 2003), the supporting ONR Security Assessment Principles, and relevant UK cyber and information assurance policies and guidance covering nuclear and non-nuclear cyber security and, where appropriate, privacy matters.

The role provides technical functional process development, management and expertise for cyber security and information assurance across Sellafield Limited (SL) and manages a medium sized team of CS&IA SMEs. This enables the organisation to operate effectively and in line with nuclear security regulation and other controlling regulation.

Provide direct input and technical expertise into the formulation and implementation of major Cyber Security & Information Assurance policies, objectives and plans, particularly with regard to future demands, the consideration of options, and longer-term performance of the business.

Responsibilities

• To act as the SL point of contact with the Office for Nuclear Regulation for relevant elements of regulatory interaction, engagements and interventions in relation to the Sellafield Limited Nuclear Site Security Plan.
• To act as the SL point of contact with the HMG Information Commissioner's Office (ICO) for regulatory interaction, engagements and interventions in relation to the Data Protection Act 2018 and General Data Protection Regulations (UK GDPR).
• To maintain a working-level oversight of Data Protection compliance in line with the SL Data Protection Policy, the DPA 2018 and GDPR (UK).
• Work in conjunction with other IT, ICT and Cyber specialists across the enterprise to provide tactical and operational assurance, guidance and direction for the achievement of the desired Cyber Protection System.
• Ensure effective arrangements are in place to enable the Head of CS & IA Risk to work directly with the business to facilitate information risk assessment and risk management processes.
• Ensure effective arrangements are in place to enable the recording and reporting of information risk incidents to the Office for Nuclear Regulation in accordance with The Nuclear Industries Security Regulations 2003.
• Ensure effective arrangements are in place to enable the measuring and reporting of mandatory data handling compliance in accordance with the Data Protection Act 2018 and General Data Protection Regulations (UK GDPR).
• Ensure the provision of an effective incident response capability via the Cyber Security Operations Centre (CSOC).
• Create a risk-based process for vendor information risk management and CSOC Operations to communicate and implement that process, including assessment and treatment for risks that may result from partners and other service providers.
• Provide risk guidance for information related projects, including the evaluation and recommendation of information controls within the supply chain frameworks.
• Develop and manage a capability to respond to and recover from disruptive or destructive cyber and information security events as part of the wider Cyber Incident Response.
• Develop and maintain key stakeholder relationships, internally and externally, at local and national levels in order to influence, improve and promote SL capabilities and capacity.
• Support the ES&S Enterprise Leader / Capability Manager in the development of Enterprise Capability Plans (3-year resource forecast/plan) to enable the business to effectively discharge its regulatory commitments.
• Provide oversight and guidance to the tactical and operational integration with the Nuclear Decommissioning Authority (NDA) Group CSOC to establish clearly defined boundaries of responsibility.
• Provide oversight and guidance to the cyber threat intelligence in the Main Site Command Facility - Joint Intelligence Cell to provide the business with balanced cyber threat intelligence reporting.

Essential Skills

• Degree qualified or equivalent in a relevant technology security discipline with extensive work experience in the field of Cyber Security and Information Assurance.
• Recognised as a subject matter expert in the field of assurance and risk, with demonstrable experience as a senior practitioner.
• Have an authoritative knowledge in the area of Cyber Security and proven ability to lead strategic discussions with internal and external stakeholders.

Desirable Skills

• Hold or have held NCSC CCP or former CLAS qualification.
• Hold or have held certification such as CISO or CISSP or SAN equivalent.
• Experience in the application of NISR, RIPA, CMA and other relevant statutory instruments.
• Member of the CIISec or British Computer Society.
• Experience in a senior CS & IA role with wider knowledge of the Sellafield site and its operations, response arrangements and vulnerabilities.

Salary / Package

You can expect a competitive salary (depending on experience), annual bonus (company performance related), contributory pension, flexible/remote working and a range of other flexible benefits.

Please contact James Walsh - Business Director (Cyber Practice UK&I) on James.walsh1@hays.com to arrange a conversation.
