Job Description

Job title: Head of Cyber Security Assurance and Compliance

Location: Preston

We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role.

Salary: Up to 80k dependant on experience

What You’ll Be Doing

Within this role the candidate will be responsible for:

Leading the delivery of Cyber Assurance programme against all applicable security standards to ensure compliance with contractual, regulatory and organisational requirements
Providing technical leadership to a team of cyber assurance specialists ensuring they are suitably equipped and empowered to undertake day to day assurance activities
Providing oversight and effective reporting of assurance progress to relevant senior boards and committees
Chairing the Cyber Assurance Working Group

The Role Holder Will

Manage the delivery of assurance assessments against standards-based compliance requirements across all business areas in BAESYSTEMS PLC
Maintain oversight of all findings and subsequent remediation plans
Manage continuous assurance lifecycle processes within operational environments.
Provide advice and guidance on meeting security related statutory and regulatory requirements.
Develop and implement processes to automate assurance activities via effecting tooling
Support Digital and Data Assurance activities in line with Operational Assurance Framework
Align assurance activities with accreditation and Secure by design requirements

Essential

Your skills and experiences:

Cyber Assurance and Compliance experience across multiple organisations or lines of business
Experience of technical leadership across multiple stakeholder groups within a cyber-security environment
Proven management experience of developing a high performing team

Desirable

CRISC, CISSP, CISM, IRM or equivalent
Understanding of assurance assessments in the context of external frameworks such as NIST, Cyber Essentials+, DEFSTAN, DFARS, ISO

Benefits

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual leave incentive.

The Cyber Security IT Team

This is an exciting opportunity to work within BAE Systems’ Global CISO team, reporting into the Head of Governance, Risk and Compliance. You will be responsible for leading the delivery of the Cyber Assurance programme to ensure compliance with contractual, regulatory and organisational requirements. You will lead a team of Cyber Assurance Specialist, ensuring positive technical leadership. This is a fantastic opportunity to build on your technical capability providing you with global exposure.

Why BAE Systems?

Working for one of the leading defence, security and aerospace companies in the world, this is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities, neurodivergent and LGBTQ+ individuals.

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.”

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.

Job

IT

Primary Location

GB-ENG-HAM-Farnborough

Quick response

Required Knowledge

• K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
• K0004   Knowledge of cybersecurity and privacy principles.
• K0005   Knowledge of cyber threats an`d vulnerabilities.
• K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
• K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• K0260   Knowledge of Personally Identifiable Information (PII) data security standards.
• K0261   Knowledge of Payment Card Industry (PCI) data security standards.
• K0262   Knowledge of Personal Health Information (PHI) data security standards.
• K0290   Knowledge of systems security testing and evaluation methods.
• K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills

• S0036   Skill in evaluating the adequacy of security designs.
• S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• S0167   Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).

Required Abilities