
Cyber Security and Information Assurance Manager
Posted 2 weeks ago by Great British Energy - Nuclear
Negotiable
Warrington, England, United Kingdom
Summary: The Cyber Security and Information Assurance Manager will lead the development and implementation of cyber security strategies for the Small Modular Reactor (SMR) programme at Great British Energy – Nuclear. This role focuses on safeguarding Operational Technology (OT) systems, ensuring compliance with nuclear industry standards, and managing cyber risks throughout the lifecycle of the SMR power station. The position requires collaboration with various teams to integrate security into system design and delivery while fostering a culture of safety and innovation. The successful candidate will also mentor cyber security personnel and manage stakeholder relationships effectively.
Key Responsibilities:
- Lead the cyber security strategy for OT systems design within the SMR programme, including ICS, SCADA, and other safety/security-critical systems.
- Ensure compliance with relevant nuclear and cyber security standards, including IEC 62443, ISO/IEC 27001, NCSC guidance, and ONR Security Assessment Principles.
- Develop and maintain the Information Assurance Framework for the SMR project.
- Collaborate with engineering, IT, and regulatory teams to integrate security into system design and delivery.
- Conduct risk assessments, threat modelling, and vulnerability analysis for OT/IT environments.
- Oversee incident response planning and cyber resilience testing.
- Manage relationships with external vendors, regulators, and stakeholders.
- Provide leadership and mentoring to cyber security personnel within the SLA division.
Key Skills:
- Proven experience in cyber security management within critical infrastructure or nuclear environments.
- Strong expertise in Operational Technology (OT) and industrial control systems.
- In-depth knowledge of relevant codes, standards, and regulatory frameworks.
- Experience with secure system design, implementation, and lifecycle management.
- Excellent stakeholder engagement and communication skills.
- Relevant certifications (e.g., CISSP, CISM, GICSP, ISO 27001 Lead Implementer) are highly desirable.
- Degree in Cyber Security, Information Assurance, Engineering, or a related field.
City: Warrington
Country: United Kingdom
Industry: IT
Originally named Great British Nuclear, Great British Energy – Nuclear is an arm’s length body of the Department for Energy Security and Net Zero, dedicated to supporting the development and deployment of new nuclear technologies in Great Britain. We play a crucial role in advancing nuclear new build, ensuring the UK’s energy security and achieving net-zero carbon emissions. Great British Energy – Nuclear focuses on fostering innovation, facilitating investment, and coordinating efforts across the nuclear industry to build a resilient and sustainable energy future.
Great British Energy – Nuclear’s first step was to start the technology selection process for Small Modular Reactors (SMRs) in 2023. SMRs can potentially be quicker to deploy and less expensive to build than traditional nuclear power plants because they are smaller, have factory-based modular manufacturing and more flexible deployment options. In June 2025, Great British Energy – Nuclear announced that Rolls-Royce SMR had been selected as the preferred bidder to build the UK’s first SMRs, following a technology selection process that began in 2023.
Great British Energy – Nuclear is aiming to deliver fast, based on a supportive and collaborative culture which values equality and diversity and creates an inclusive workplace. We draw on deep nuclear expertise – our Executive Committee has over 100 years of nuclear experience at home and abroad. GBE-N will unlock billions of pounds of private and public investment from design to operation, helping to get sites ready for development, and working to grow manufacturing capacity and skills capability.
Our activities will be driven by our values, which are:
- Trust – We prioritise safety, we act responsibly and with integrity.
- Collaboration – We work as a team; we value diversity and expertise.
- Challenge – We are curious and courageous in the way we think and act.
- Care – We are thoughtful, inclusive and respectful of others.
- Drive – We get things done and we make a difference.
If you have a disability and would prefer to apply in a different format or would like us to make reasonable adjustments to enable you to apply or attend an interview, please contact us at recruitment@greatbritishnuclear.uk and we will talk to you about how we can assist.
Role Description
The IPT Safety, Licensing and Assurance Function is seeking a highly skilled and experienced Cyber Security and Information Assurance Manager to lead the development and implementation of cyber security strategies for our SMR programme. This role will focus on Operational Technology (OT) systems and ensure compliance with nuclear industry standards and regulatory requirements. You will be responsible for safeguarding critical infrastructure, managing cyber risks, and ensuring the secure delivery of digital systems across the lifecycle of the SMR power station.
Key Responsibilities
- Lead the cyber security strategy for OT systems design within the SMR programme, including ICS, SCADA, and other safety/security-critical systems.
- Ensure compliance with relevant nuclear and cyber security standards, including:
  - IEC 62443 (Industrial Automation and Control Systems Security)
  - ISO/IEC 27001 (Information Security Management)
  - NCSC guidance and UK Cyber Essentials
  - ONR Security Assessment Principles (SyAPs)
- Develop and maintain the Information Assurance Framework for the SMR project.
- Collaborate with engineering, IT, and regulatory teams to integrate security into system design and delivery.
- Conduct risk assessments, threat modelling, and vulnerability analysis for OT/IT environments.
- Oversee incident response planning and cyber resilience testing.
- Oversee systems integration and testing.
- Manage relationships with external vendors, regulators, and stakeholders.
- Provide leadership and mentoring to cyber security personnel within the SLA division.
Required Qualifications and Experience
- Proven experience in cyber security management within critical infrastructure or nuclear environments.
- Strong expertise in Operational Technology (OT) and industrial control systems.
- In-depth knowledge of relevant codes, standards, and regulatory frameworks.
- Experience with secure system design, implementation, and lifecycle management.
- Excellent stakeholder engagement and communication skills.
- Relevant certifications (e.g., CISSP, CISM, GICSP, ISO 27001 Lead Implementer) are highly desirable.
- Degree in Cyber Security, Information Assurance, Engineering, or a related field.
Desirable Attributes
- Experience in nuclear licensing and regulatory engagement.
- Familiarity with SMR technologies and digital twin environments.
- Ability to work in a high-assurance, safety-critical context.
- Strategic thinker with a proactive approach to emerging threats and technologies.
- The role holder will be expected to recruit and lead a team expected to be in the region of 1-3 FTE.
Key Responsibilities:
Secure by Design
- Act as the primary interface for all matters relating to the application of the Secure by Design philosophy across the project.
- Thoroughly review and, where appropriate, accept or reject submissions related to SbD, including:
  - Design proposals for systems important to Safety, Security and Safeguards.
  - Proposals for design change.
- Interaction with the Design Authority.
- Interaction with the NSC.
Key Stakeholder Management
- Provide expert advice to the project on all matters concerning Cyber Security and Information Assurance.
- Manage and oversee the internal relationships with security stakeholders.
- Ownership of external relationships, to include NCSC and ONR.
- Maintain a register and tracking system for all Key Subcontracts.
- Facilitate and lead meetings relating to those elements of Design important to Cyber Security and Information Assurance.
Policy and Process
- The creation and maintenance of the policy and associated process required to enable risk-informed decision making concerning the design of systems for the SMR power station.
- Ownership of forward work plans that consider the capability and capacity required to meet the demands of the project.
Innovation for Cyber Security and Information Assurance:
- Drive innovation for Cyber Security and Information Assurance, to consider modern technologies and/or approaches.
- Drive economic efficiency and value for money for the taxpayer through robust oversight of all elements of Cyber Security and Information Assurance of the SMR power station, throughout the nuclear lifecycle.
Reporting & Performance Management:
- Manage, review, and analyse the demonstration of SbD across all elements of the project, to identify trends, risks, and areas for improvement.
- Development of KPIs and the assessment of performance.
- Approval of Corrective Action Plans, where deficiency is acknowledged.
- Facilitate and lead review meetings related to Learning from Experience (LfE).
Qualifications, Experience & Skills:
Essential
- Proven experience in cyber security management within critical infrastructure or nuclear environments.
- Strong expertise in Operational Technology (OT) and industrial control systems.
- In-depth knowledge of relevant codes, standards, and regulatory frameworks.
- Experience with secure system design, implementation, and lifecycle management.
- Excellent stakeholder engagement and communication skills.
- Degree in Cyber Security, Information Assurance, Engineering, or a related field.
- Ability to achieve UK National Security Vetting – Security Check (SC)
Desirable Attributes
- Relevant certifications (e.g., GICSP, CISSP, CISM, ISO 27001 Lead Implementer) are highly desirable.
- Experience in nuclear licensing and regulatory engagement.
- Familiarity with SMR technologies and digital twin environments.
- Ability to work in a high-assurance, safety-critical context.
- Strategic thinker with a proactive approach to emerging threats and technologies.
- Experience working within a regulated industry (e.g., nuclear, utilities).
- Experience in managing a team
- A solid understanding of various forms of functional/performance methodologies for Secure by Design
- Experience in a client-side/employer role.
- Membership of a relevant professional body.