Cyber Security Supplier Assurance Manager

Requisition Number:  27985
Company:  Springfields Fuels Ltd
Location: Salwick Preston, GB

Welcome to the future of nuclear energy, where Westinghouse Electric Company is leading the field with expertise and innovation to shape the power of tomorrow.

At Westinghouse, innovation is in our DNA. We are creative. We think differently. We reimagine the possible across the nuclear industry every day.

As a Cyber Security Supplier Assurance Manager, you will ensure that all third-party suppliers and partners handling sensitive or critical systems and data comply with nuclear industry cyber security standards.

This role is important to maintaining supply chain security and aligning with national regulatory and industry-specific requirements, including those set by the UK Office for Nuclear Regulation (ONR) and the National Cyber Security Centre (NCSC).

This is an intelligent customer role.

You will report to the Chief Information Security Officer (CISO) and be located at Springfields Fuel Site. Hybrid remote/in-office.

 

Key Responsibilities:

  • Lead cybersecurity risk assessments for new and existing suppliers, focusing on their role in nuclear operations and the sensitivity of shared information.
  • Classify suppliers based on cyber risk and apply appropriate assurance levels.
  • Develop and manage the cybersecurity supplier assurance program, including on-site and remote audits.
  • Assess suppliers against security controls aligned with NCSC CAF, ISO 27001, and industry frameworks such as NIS Regulations and IAEA guidance.
  • Ensure supplier compliance with contractual cybersecurity requirements, including incident response, data protection, and access controls.
  • Collaborate with Legal, Procurement, and Commercial teams to integrate cybersecurity clauses into supplier contracts.
  • Work with internal cybersecurity, supply chain, IT, and operations teams to support comprehensive risk management.
  • Be the main contact for suppliers on cybersecurity assurance topics.
  • Support investigations and remediation efforts following supplier-related cybersecurity incidents.
  • Implement lessons learned and improve controls based on incident outcomes.
  • Stay informed about emerging threats, regulatory updates, and best practices in supply chain cybersecurity.
  • Lead initiatives to improve third-party risk management and assurance maturity.

Qualifications:

  • Professional certifications such as CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor.
  • Background in cybersecurity with a focus on supplier assurance and third-party risk management.
  • Knowledge of UK regulatory requirements for cybersecurity in the nuclear or Critical National Infrastructure (CNI) sectors.
  • Skilled in conducting audits and assessments using security standards such as ISO 27001, NIST, NCSC CAF, or similar frameworks.
  • Ability to navigate complex supplier ecosystems, including international and high-value vendors.
  • Background in working within government or regulated environments such as defence, energy, or aerospace sectors.


We know that to put forth your best effort, you need to be challenged and enjoy what you do in a supportive and respectful environment. We aim to maintain this balance by offering our employees the amenities, benefits and training they need to reach personal and professional goals.

  • Attractive remuneration
  • Great benefits for your convenience and safety:
    • Peer-to-peer recognition program.
    • Life insurance
    • DC Pension plan
    • Learning and development opportunities.
    • We encourage our employees to participate in community service events and other team-building activities to strengthen their bonds and inspire each other.

You can learn more about Westinghouse by visiting Westinghouse UK Nuclear | Westinghouse.

Equal Opportunity Employer of Minorities/Females/Vets/Disability.

Get connected with Westinghouse on social media: X | Facebook | LinkedIn | YouTube

Employment opportunities may require access to information which is subject to the export control regulations of the United States. Hiring decisions for such positions are required by law to be made in compliance with these regulations. Applicants for employment opportunities in other countries must be able to meet the comparable export control requirements of that country and of the United States.


Job Segment: Supply Chain Manager, Supply Chain, Compliance, Nuclear, Law, Operations, Legal, Energy