Radioactive Waste Management is looking for an Information Security Manager within Governance, Risk and Compliance, to join them as they continue through a critical stage in one of the UK’s largest environmental projects.

You will work with the Cyber Security and Resilience Programme to define strategic requirements and intelligence services in support of creating new in-house services. You will develop a sound understanding of the high-level business processes and the way information is used.

Role description

About RWM:

RWM’s vision as an organisation is to create a safer future by managing radioactive waste effectively, to protect people and the environment. It collaborates with experts on multi-million-pound research programmes and with radioactive waste producers to find ways to package waste that are suitable for disposal in a Geological Disposal Facility.


You will:

  • Coordinate with RWM’s wider security team to ensure that RWM receives timely and actionable strategic and operational intelligence, including intelligence sources from NDA’s intelligence collection and reporting services.
  • Combine RWM’s knowledge of information assets and threats to define and quantify all RWM information security risks, assigning risk owners to each one.
  • Analyse the root causes of each security risk to understand what action might be taken to eliminate or reduce risk to acceptable levels aligned to the Board’s risk appetite.
  • Develop RWM’s information security strategy to reduce the overall levels of security risk and address gaps in RWM’s information security capabilities or maturity.
  • Routinely update the risk analysis and monitor the progress of risk mitigation to reflect the dynamic nature of the business and threat environment.
  • Provide routine management reports to support RWM CISO monthly and quarterly reporting to the RWM Executive and Board and key NDA stakeholders.

Essential skills

You will have proven experience in strategic and/or operational intelligence analysis as well as experience in the engagement and coaching of key business, technology and security stakeholders. Membership with MCIIS and certifications in information security, governance and risk management (ISO27001 or ISO9001) would be ideal.

If you feel you are suitably qualified for this position, Thomas Thor would like to hear from you. Please contact Clare O’Brien on


We wish to thank all applicants for their interest and effort in applying for this position; however, we can only consider applicants who are eligible to work in the UK (citizen/permanent resident/work permit with sufficient length of validity).

Clare O'Brien