Senior Cyber Risk Manager

As the Senior Cyber Risk Manager here at EDF, you will be responsible for providing organisational oversight, leadership, and delivery of risk management across EDF Business Units together with producing the aggregated EDF UK holistic risk management position.

• Identify and oversee the mitigation of cyber risks owned by the central Enterprise Information Security team - involving identifying, managing, mitigating and reporting cyber-related risks.
• Development and management of the organisational Cyber Risk Management Framework including the related processes aligned with industry best practices and organisational capabilities.
• Responsible for the development of risk management‑related policies and ensuring alignment of the policy with regulation and wider EDF UK business policies.
• Responsible for oversight and governance of organisational risk management, ensuring effective and comprehensive risk oversight, ensuring Risk Owners are actively managing and remediating their risks.
• Monitoring the efficiency and effectiveness of the risk management processes across EDF UK and making recommendations for continuous improvement and incorporating emerging risks such as those related to AI systems and other similar disruptive technologies.
• Actively communicate the cyber risk position to stakeholders, including attending senior risk forums, and provide advice to address cybersecurity risk. You will foster strong relationships with internal stakeholders, being a cyber risk advocate driving focus to ensure cyber risk considerations are integrated into all business processes.
• Build, maintain and manage risk tooling, currently ServiceNow Integrated Risk Management to facilitate active risk management, supporting an up‑to‑date central risk register. Using this tool, you will be accountable for ensuring continuous review and reporting to senior leaders to ensure the cyber risks are understood and being managed.
• Work with the Assurance team to ensure the Enterprise ISMS remains current and effective. You will also need to ensure the cyber security controls are defined and effectively deployed to manage risk, with exceptions and control gaps being captured and reported.

• Own the delivery of the EDF Enterprise risk position, driving risk management operational practices and embedding a proactive risk culture within both the central and business unit risk management teams.
• Work with and challenge businesses to create and maintain appropriate risk registers.
• Curate the aggregate risk position for the EDF UK business, covering the cyber security top risks and control statements.
• Communicate the aggregated risk position to senior executive stakeholders.
• Lead the Cyber Risk Management Community of Practice to provide alignment and sharing of best practice amongst EDF UK businesses.
• Stay current with emerging cyber threats, risk management techniques, and regulatory changes.

We’re looking for someone with experience in risk management delivery within a large, complex and regulated environment with the ability to evaluate risk treatment options and ensure decisions are pragmatic and aligned with strategic and business objectives. You’ll also be able to establish and operationalise risk processes and generating actionable risk reporting.

Our ideal candidate will have demonstrable hands‑on delivery experience in the cyber security field, with practical exposure to implementing and managing technical or procedural controls in operational environments.

You’ll be confident in influencing and persuading stakeholders and have the ability to build strong working relationships built on trust and credibility.

The proven experience of working with external partners and ensuring controls are tested and improved in line with standards such as Cyber Essentials+, ISO27001, both of which cover supplier‑related risk and third‑party assurance.

Experience in identifying, assessing and mitigating cyber risks, with a strong grasp of CNI or enterprise level risk frameworks (e.g., ISO 27001/27005, NIST, CAF, Cyber Essentials+) is desirable as well as knowledge of security concepts and controls within both IT and OT environments.

Alongside a salary negotiable depending on experience, potential to earn 10% bonus, 28 days holiday plus bank holidays and a market‑leading pension scheme, your package will include a range of benefits, from the big and formal to the small and personal.

We’re talking about everything from enhanced parental leave to electric vehicle leasing, health insurance to product discounts, critical illness insurance to technology vouchers, gym membership to season ticket loans.

At EDF UK, we embrace flexibility while recognising that everyone’s working needs are different. Whether you’re in our office spaces, on site, or working remotely, we promote an environment that supports collaboration, connection, and comfort. No matter where you are, our priority is to make sure you feel safe, valued, and celebrated.

Here, we do right by each other and everyone’s welcome. We’re on an action‑oriented journey, championing equity, diversity, and inclusion. We’d like our future workforce to have an equal gender balance, represent a broad mix of people from minority ethnic backgrounds, LGBTQ+, those with a disability and supporting social mobility.

We’re a disability confident employer and we’ll do all we can to help with your application. Please let us know if you need to request reasonable adjustments.

We take pride in fostering a dynamic and inclusive environment, where the diverse backgrounds and experiences of our employees drive fresh thinking and innovation. We understand that success means different things to different people. We believe there are multiple definitions of what it means to succeed. That’s why we support you to pursue a career that’s unique to you. Because success is personal.

Success is personal. It’s your journey, powered by us. Join us and we’ll help Britain achieve Net Zero together.