Job title: Information Security and Risk LeadLocation: Farnborough or Preston. We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.Salary: Circa £70,000 depending on skills and experienceWhat you'll be doing:
Managing and delivering IT Security Assurance / InfoSec across SS to include first line assurance, IT security approvals (PAM, Privileged Accounts, Hand Carry, email quarantine, etc)Developing standards and procedures to support Security, IT Security Assurance and InfoSecEnsuring SS activities comply with relevant Government security requirements, e.g. List X, and esp. on IT Security;Managing the security risk profile and mitigation measures for SS, overall management of supply chain assurance and Insider Threat/Case Coaching interfaceProviding expert IT security advice and guidance to all SS delivery streams and represent SS on security working groups (supplier assurance, accreditation, etc)Developing/maintaining relationships internally and externally, especially with UK Government Security regulatory agencies (Cabinet Office, MOD, NCSC, etc.), Law Enforcement and Industry partnersCoordinating / delivering identified opportunities for improving efficiency/effectiveness and value for money across SSProviding specialist IT security advice and briefings to all Shared Service staffOversight/governance of Vetting Records System (VRS) and Archer Risk/Incident systems including Data Quality and Disaster RecoveryCoordinating and managing security audits of SS business as necessary and on mitigations/remedial actionsSupporting/delivering security related investigations and breaches, lead security incidents as appropriateSecurity support to BCM, contingency planning and incident management
Your skills and experiences:Essential
Extensive understanding of Government security requirements (especially List X and IT Security requirements) and an understanding of other regulatory regimesExcellent knowledge of IT Security, Assurance and Security Risk mechanisms and controls, with experience in conducting IT security assurance activitiesAn advanced IT security qualification (CISMP, CISSP, etc.) is essential
- Strong understanding of physical, contractual and personnel security controls
- Experience of conducting complex security investigations in accordance with regulatory requirements
You'll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You'll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts - you may also be eligible for an annual incentive.
The InfoSec and Security team:
The team provide effective assurance/support throughout Shared Services and oversee the security control effectiveness for the Shared Services business. IT Security Assurance is vital to to ensure that contractual security requirements and obligations are met, and security risk is appropriately managed.
Why BAE Systems?
This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments."
Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.