Senior Vulnerability and Risk Assurance Manager 114188BR
Raytheon UK has an opportunity for an experienced IT professional to fill the role of Senior Vulnerability and Risk Assurance Manager within the Information Assurance, Security and Compliance (IASC) Group, as a key component of RSL’s IT function. The IT function is responsible for the delivery of core support services to all UK based divisions to successfully enable operational business and operational delivery.
This highly influential assurance and compliance role is responsible for providing leadership in coordinating, assessing, developing & communicating activities that minimize the overall Information Technology (IT) security risk to Raytheon UK. The post holder will do this by identifying, reporting, and driving the mitigation of security vulnerabilities within the wider network, its computing infrastructure (including endpoints) and in applications, both internal facing and in those delivered to end clients. By minimizing the internal and external IT security risks, threat based Vulnerability Management (VM) helps defend against proprietary and customer data loss, and reduces the ability for threat actors to carry out malicious activities against the Company.
- Develop a strategy to embed outward facing threat intelligence to understand, focus and prioritise remediation activities through liaison with Raytheon’s Cyber and Intelligence business and with colleagues in RMS.
- Execute, coordinate and document network discovery scans and vulnerability scans for operating system and/or database assets.
- Deliver inventory, vulnerability and associated metrics to IT team. Design and deliver vulnerability reporting using appropriate tools to drive remediation activities.
- Engage IT operations and engineering as needed to drive remediation of vulnerabilities.
- Engage project stakeholders as needed to help drive remediation of vulnerabilities on infrastructure before new applications or updates go live
- Collaborate with other IT groups on monthly patching, non-patch vulnerability remediation, vulnerability exception review.
- Perform ad-hoc vulnerability scans and/or reports.
- Interact with all levels of management, external bodies, stakeholders, and policy holders including senior leadership.
- Review IT and programme technical designs as required and make recommendations for compliance with customer, regulatory and legal requirements.
- Build strong working relationships and effective alignment across functions and businesses in Raytheon UK, Raytheon International counterparts, and Partner/Subcontractor community to enable continuously improving and efficient delivery of Services.
- Deliver cross functional improvement projects were applicable utilising the Raytheon 6 Sigma methodology.
Demonstrable Skills and Levels - SFIA Foundation Definitions
- Autonomy - Works under broad direction. Work is often self-initiated. Is fully responsible for meeting allocated technical and/or project/supervisory objectives. Establishes Milestones and has a significant role in the assignment of tasks and/or responsibilities.
- Influence - Influences organisation, customers, suppliers, partners and peers on the contribution of own specialism. Builds appropriate and effective business relationships. Makes decisions which impact the success of assigned work i.e. results, deadlines and budget. Has significant influence over the allocation and management of resources appropriate to given assignments.
- Complexity - Performs and extensive range and variety of complex technical and/or professional work activities. Undertakes work which requires the application of fundamental principles in a wide and often unpredictable range of contexts. Understands the relationship between own specialism and the wider customer/organisational requirements.
- Business Skills - Advises on available standards, methods, tools and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes and evaluates work to time, cost and quality targets. Assesses and evaluates risk. Communicates effectively, both formally and informally. Demonstrates leadership. Facilitates collaboration between stakeholders who have diverse objectives. Takes all requirements into account when making proposals. Takes initiative to keep skills up to date. Mentors colleagues. Maintains an awareness of developments in the industry. Analyses requirements and advises on scope and options for continuous operational improvement. Demonstrates creativity, innovation and ethical thinking in applying solutions for the benefit of the customer/stakeholder.
- Experience transitioning, maintaining, or using Security Technologies such as Security Incident and Event Management (SIEM), Endpoint Protection, Data Loss Prevention, Forensic Tools.
Demonstrable experience of the following:
- security technology and operational IT industry standards.
- formal architectural methods such as TOGAF and security architectures.
- Network Security and associated design and topology.
- Understanding of one or more scripting and web development programming languages.
- Microsoft Windows, Linux and Active Directory security
- Database Security – SQL, Oracle etc.
- Wireless security.
- Understanding and experience of Security Testing methodologies
- Understanding of security source code assessment methodologies
- Experience contributing to a central technology service organization.
- Experience collaborating with multiple stakeholders across functional and technical skillsets.
- Ability to understand and analyse complex business problems in order to define and develop technology-based solutions.
- Demonstrable evidence of effective problem solving skills in complex support incidents.
- Excellent customer facing skills with UK nationals and international employees and agencies.
- Excellent relationship skills - the ability to build positive relationships with both technical and business personnel.
- Experience of negotiation and conflict management skills in a complex matrix structure.
- Excellent communication skills in written and oral presentation material
- Ability to demonstrate leadership qualities within virtual teams and multi-party environments.
- SC cleared or the ability to become SC cleared.
Experience of working in MOD and with other Government Departments and Agencies.
- Preferably degree level education although significant experience and track record with tertiary qualifications.
- DV cleared or the ability to become DV cleared.