Cyber Risk Consultant

On behalf of Sellafield, we are looking for a Cyber Risk Consultant (InsideIR35) for a 12 Month contract based REMOTELY/ in Cumbria.

Work at Sellafield Ltd, and you’re not just building a career. You’re embarking on a mission. Joining 11,000 people on a 100-year project transforming the Sellafield site for all the generations that follow.

We have the site at Sellafield (West Cumbria) and our office at Risley (near Warrington). Join us and you’ll work shoulder-to-shoulder with industry-leading – sometimes world-leading – experts. There are generations and generations of knowledge here and people are only too willing to share it. Our culture of continuous improvement is underpinned by commitment to professional and personal development few can match.

Our relentless pursuit of excellence is reflected in our health, safety, security, resilience, and environmental performance standards as well as the quality of the products and services we deliver to our customers.

To support Sellafield Ltd. as a dedicated subject matter expert (SME) within Cyber Security & Information Assurance.

The Cyber Risk Consultant position supports Sellafield Ltd. with understanding and quantifying Cyber Risk, advising control mitigations, and working with business stakeholders to address cyber risk as part of continuous risk management.

The role’s primary function is to conduct formal risk assessments and technical assurance on the Sellafield Ltd. infrastructure, applications, and cloud environments in accordance with Sellafield Ltd. standards and ONR/ICO Regulatory requirements.

As a Cyber Risk Consultant your main responsibilities will be:

• Formal risk assessment of Sellafield Ltd systems (IT/OT), applications and cloud environments.
• Providing control recommendations and advisory services to business stakeholders.
• Production of risk reports and metrics.
• Recommending architectural design principles aligned to NCSC guidance and best practice.
• Assisting with continuous cyber risk management and assurance as part of a layered defence approach.
• Producing the following deliverables:
• Requirements documentation/specifications
• CS&IA policies and procedures
• Risk assessment & assurance outputs
• Security cases / System Security Plans (SSP’s)

Essential:

• Qualified to a minimum of degree level in a relevant discipline (e.g., Cyber Security, Systems Engineering or Computer Science).
• Qualified as a Chartered Cyber Security Professional (ChCSP) or possess equivalent level of knowledge and experience within one of the following specialisms: - GRC | Secure Systems Architecture | Auditing & Assurance.
• CISSP / CISM or equivalent certification(s) within information security.
• Experience within Cyber Security Governance, Risk, Compliance & Assurance.
• Experience of working in a highly regulated environment.
• Knowledge and use of applicable security standards.
• Knowledge of Cyber Security models and frameworks (i.e., CAF, NIST RMF, Mitre ATT&CK, ONR Security Assessment Principles).
• Knowledge and experience of security architecture principles.
• Thorough knowledge of Cyber Security risk assessment methodologies.
• Experience of working alongside operational cyber security teams.
• Solid understanding and knowledge of ICT systems.
• Good communication skills across all levels of the business with the ability to articulate recommendations to technical specialists and non-technical senior stakeholders.

Desirable:

• Background in Security Architecture advisory.
• Solid understanding and knowledge of OT systems.
• Experience of CSA CCM v3 cloud security controls.
• Demonstrable experience within cloud security architectural design.

Please be aware that this role can only be worked within the UK and not Overseas.

Sellafield Ltd is committed to eliminating discrimination and encouraging diversity amongst its workforce.

Disability Confident

As a member of the Disability Confident Scheme, Sellafield guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply.

Armed Forces Covenant

Sellafield guarantees to interview veterans or spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates / military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group.

In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".