Overview
We are seeking a Head of GRCA to define and lead the strategic direction of cyber governance, risk management, compliance and assurance across Sellafield Ltd. This is a pivotal leadership role in safeguarding Sellafield Ltd's digital and operational environments, operating within a highly regulated and complex nuclear sector. The successful candidate will be responsible for developing and embedding governance frameworks, risk strategies, and assurance activities that go beyond regulatory compliance, ensuring cyber security is integrated into business decision-making and operational delivery. As a senior leader within the business, you will shape Sellafield Ltd's cyber security posture and alignment with organizational priorities and the wider nuclear sector. The Head of GRCA will lead a specialist team and work closely with senior leaders across the Enterprise to ensure cyber risk is effectively managed and communicated.
Responsibilities
* Act as Process Owner for Cyber Security governance, risk, compliance, and assurance across Sellafield Ltd, ensuring frameworks remain effective, integrated, and aligned with enterprise risk strategy.
* Lead and develop a high-performing GRCA team, fostering a culture of accountability, collaboration, and continuous improvement.
* Provide strategic leadership on cyber governance and assurance across ICT, shaping policy, risk posture, and compliance strategy in line with business and regulatory priorities.
* Oversee the development and delivery of 2nd line assurance capabilities, working with 1st and 3rd line teams to maintain confidence in cyber controls and risk management.
* Drive continuous improvement of cyber security processes, controls, and metrics to enhance resilience, reduce risk, and support secure business operations.
* Ensure cyber security is integrated with physical and personnel security functions to deliver a unified, risk-based approach to security.
* Lead engagement with the Office for Nuclear Regulation (ONR) on GRCA matters, deputising for the CISO as required on other cyber security matters.
* Lead cyber security assurance of third-party suppliers and service providers, including risk assessments, critical supplier identification, and ongoing assurance activities across the supply chain.
* Shape executive decision-making through expert risk reporting, insight, and recommendations, acting as a senior escalation point for complex GRCA issues.
* Champion automation and innovation in compliance and assurance activities to improve efficiency, transparency, and responsiveness.
Qualifications and Experience
* Proven leadership in cyber security governance, risk management, compliance, and assurance within a complex, regulated environment.
* Deep understanding of cyber security frameworks, standards, and regulations (e.g. NISR, ONR SyAPs, HMG SPF, GDPR, DPA 2018).
* Experience in assessing and managing cyber risk across third-party and supply chain ecosystems.
* Ability to influence procurement and commercial processes to embed cyber security requirements.
* Strong strategic thinking and decision-making skills, with the ability to influence at senior levels.
* Experience in leading cross-functional teams and managing through others to deliver outcomes.
* Excellent communication and stakeholder engagement skills, with the ability to translate complex risk and compliance issues into business-relevant language.
* Demonstrated ability to chair governance forums and lead risk-based discussions with senior stakeholders.
* Experience working in or with the nuclear, critical national infrastructure, or similarly regulated sectors is desirable.
* Familiarity with enterprise risk management frameworks and integration of cyber risk into broader business risk processes.
* Knowledge of assurance models (1st, 2nd, 3rd line) and their application in cyber security.
* Familiarity with supplier assurance frameworks and third-party risk management tools.
* Experience working in a federated or group structure (e.g. NDA Group) to align supplier assurance practices.
* Understanding of digital transformation and its implications for cyber governance and risk.
* Experience engaging with regulatory bodies such as the ONR or ICO.
Benefits
* Annual bonus of up to 15% (company and personal performance).
* Defined contribution pension scheme with company matching up to 13.5% for a 7% employee contribution.
* 30 days annual leave plus bank holidays, with the option to purchase 2.5 extra days per year and carry over 10 days.
* Paid sick leave and family-friendly policies.
* Cycle to work scheme and various lifestyle benefits.
* Learning and development opportunities and employee assistance programmes.
* Rewards, recognition, and employee savings/discounts programs.
* Additional benefits available on our Rewards & Benefits page.
#J-18808-Ljbffr