Head of Cyber Security Risk
  • United Kingdom Farnborough
  • BAE Systems
1 year before
31.12.2023
Securely Provision
Risk Management
Job Description

Job title: Head of Cyber Security Risk

Location: Farnborough or Preston

We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role.

Salary: Up to 80k dependent on experience

What You’ll Be Doing

Within this role the candidate will be responsible for:

  • Leading the development and implementation of an integrated Cyber Security Risk Management Methodology, ensuring a consistent approach to managing cyber security risks is adopted across the business
  • Promoting a positive cyber security risk culture across the organisation
  • Providing thought leadership, oversight and subject matter expertise for identifying, assessing, treating and reporting Cyber Security Risks across all Sectors in the business

Core Duties

  • Lead the development and implementation of Cyber Risk Taxonomy and Methodologies across BAE Systems PLC through consulting and thought leadership
  • Chair monthly Risk Working Groups that include representation from all Sectors, and ensure an appropriate level of information from the Working Groups is reported to the GRC Boards in a timely manner
  • Support the Head of Cyber GRC with developing an integrated risk approach that interlinks with wider GRC objectives and with other security risk portfolios such as personnel and physical security
  • Maintain the BAE Systems cyber risk register by identifying and managing cyber risks within the appropriate risk appetite, and manage adequate reporting in line with the BAE Systems cyber security governance framework
  • Enhance Cyber Security Risk management through appropriate tooling to ensure a more efficient and thorough risk management process is accessible across the organisation

Essential

Your skills and experiences:

  • Cyber Security Risk Management experience across multiple organisations or lines of business
  • Experience of technical leadership across multiple stakeholder groups
  • Complex understanding of regulations, policy and procedures and Risk Frameworks within a cyber-security environment

Desirable

  • CRISC, CISSP, CISM, IRM or equivalent
  • Experience of risk management specifically in Cyber Security
  • Understanding of Risk Management in the context of NIST, Cyber Essentials+, DEFSTAN, DFARS, ISO

Benefits

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual leave incentive.

The Cyber Security IT Team

This is an exciting opportunity to work within BAE Systems’ Global CISO team, reporting into the Head of Governance, Risk and Compliance. You will be responsible for leading the delivery of the Cyber Assurance programme to ensure compliance with contractual, regulatory and organisational requirements. You will lead a team of Cyber Assurance Specialists, ensuring positive technical leadership. This is a fantastic opportunity to build on your technical capability, providing you with global exposure.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.

Job

IT

Primary Location

GB-ENG-HAM-Farnborough

Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0100   Knowledge of the enterprise information technology (IT) architecture.

Required Skills
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • S0115   Skill in preparing Test & Evaluation reports.
  • S0137   Skill in conducting application vulnerability assessments.
  • S0141   Skill in assessing security systems designs.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0171   Skill in performing impact/risk assessments.

Required Abilities
  • A0033  Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • A0077  Ability to coordinate cyber operations with other organization functions or support activities.
  • A0118  Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0106  Ability to think critically.
  • A0108  Ability to understand objectives and effects.
  • A0114  Ability to develop or procure curriculum that speaks to the topic at the appropriate level for the target.