Operational Security Team Lead

At Sellafield Ltd, we are harnessing our expertise; bringing together world‑class skills and innovative technology to solve complex nuclear, infrastructure, and engineering challenges. By joining Sellafield Ltd, you join an amazing team of people, from all walks of life, where you can thrive in a connected, considerate culture of innovation, collaboration, and community; and play a significant part in the UK’s sustainable nuclear future.

The challenges we face are amongst the most complex anywhere in the world. We are using advanced technologies to shape, create and advance the world’s nuclear decommissioning knowledge and capability. That’s why our work is driven by people with a passion for problem‑solving and innovation.

We are seeking an Operational Security Team Lead to establish a new team managing day‑to‑day security and resilience of systems managed by the IT Service Delivery function. This role focuses on ensuring core operational security controls are consistently applied, including patching, vulnerability management, adherence to security standards and policies, and the governance of privileged user access.

This role will ensure that our systems, applications, and data are adequately protected against potential threats and vulnerabilities. The IT Operations Security Team take responsibility for identifying, assessing, and driving remediation efforts for vulnerabilities across Sellafield’s on‑premise and cloud infrastructure, adhering to stringent regulatory requirements and industry best practices.

The IT Operations Security Team are responsible for Access Management and maintenance of identity and access management solutions, enforcement of access policies and conducting regular access reviews. As well as point of approval for privileged activities and privileged Identity Management.

Key responsibilities

• Implement and manage robust security protocols and procedures, identifying potential threats and vulnerabilities across operational processes.
• Oversee regular vulnerability assessments, ensuring rapid response and ongoing improvement of penetration testing plans and methodologies across systems and applications.
• Ensure clear understanding within the IT Operations Security Team of the criticality and importance of information and technology resources to enable effective prioritisation of monitoring and remediation.
• Act as the primary liaison for security‑related matters, maintaining strong communication with the Cyber Team.
• Collaborate closely with IT and Cyber teams to strengthen the organisation’s security posture, support incident response, and contribute to the development and implementation of security policies, including process and governance for certificate and encryption key management.
• Provide oversight for the Access Management capability, managing team workload and ensuring delivery of privileged access management, including provisioning, deprovisioning, and auditing.
• In collaboration with CS&IA, ensure VA and ITHC results are analysed, triaged, and risk‑scored based on potential business impact.
• Ensure the organisation’s risk appetite for information security is understood and applied across the area of responsibility, and confirm all suppliers meet patch management requirements tied to SLA/KPI obligations.
• Analyse and elevate risks from SLA/KPI shortfalls, feeding into CS&IA for assessment and upward reporting through the Governance, Risk, and Compliance structure.
• Oversee the development, maintenance, and continuous improvement of the identity and access management framework and account‑level principles, working with ISO/ICT and business stakeholders to align with wider regulatory and organisational priorities.

Your Skills and Qualifications

• Degree in Cyber Security / Information Security or equivalent practical experience.
• Proven experience of leading or working in operational security teams.
• Strong knowledge of security processes, procedures, and vulnerability management (on‑premise and cloud).
• Experience using vulnerability scanning/management tools and interpreting results.
• Proven ability to analyse security issues, assess risks, and recommend corrective action.
• Experience leading and mentoring security teams in a collaborative environment.
• Strong analytical skills, able to identify patterns, trends, and communicate risks effectively to stakeholders.
• Must hold or commit to achieving DV clearance within 12 months of appointment.

Skills Considered Desirable:

• Experience in vulnerability management within a regulated environment.
• Relevant certifications (e.g., GIAC, GCIA, CISSP).

Benefits

• You will benefit from an annual bonus of up to 15%, made up of company and personal performance.
• An attractive defined contribution pension scheme – the company will match up to 13.5% for a 7% employee contribution.
• 30 days annual leave + bank holidays. Plus, the ability to purchase an extra 2.5 days per year.
• The ability to carry over 10 days annual leave each financial year.
• Paid Sick Leave.
• Family Friendly Policies.
• Cyle to Work Scheme.
• Learning & Development Opportunities.
• Reward & Recognition Policies.
• Welfare & Employee Assistance Programme.
• Free Aviva Health App & Annual Health Check.
• MyDiscounts – Employee Savings & Discounts.
• MyBenefits – A Charity Giving Scheme.
• Many, many more!

Sellafield Ltd is a unique place to grow your career, offering a remarkable blend of role variety, job security, personal growth, professional development, and truly significant work. This is your opportunity to tackle some of the biggest challenges in the nuclear, infrastructural and engineering worlds and create a clean and safe environment for generations to come.

Additional Information

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team.

This role is subject to achieving security clearance. It requires a higher level of National Security Vetting where applicants must typically have 5 or 10 years of continuous residency in the UK. Factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the level of clearance you’re able to achieve.