IT Security Manager

Job Description

Job Title: IT Security Manager

Location: Rochester, Kent. We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role.

Salary: £65,000 – £75,000 depending on experience and skills

What you’ll be doing:

• Delivery of Cyber Security assurance activities to ensure ‘secure by design’ and ‘effective in operation’ for systems and services in scope
• Cyber Security risk assessment of systems and services
• Support the definition and design of secure solutions that meet business needs
• Assess Architectural designs and identify proportionate Cyber Security controls aligned with business objectives
• Assessment of systems, services, and Cyber Security controls, to provide an independent analysis of compliance with BAE Systems Security Policy, standards, and external regulatory requirements. Lead Assessment of Cyber Security controls to ascertain effectiveness in reducing risk, including any vulnerability components
• Analysis, creation, and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification, accreditation, and internal policy requirements
• Provide guidance to the various ES(UK) functions on their obligations regarding cyber controls, and advising on risk mitigation and control adherence
• Penetration tests & Vulnerability analysis
• Cyber Security Control Monitoring and Reporting
• Stakeholder engagement

Your skills and experiences:

Essential:

• It is essential that you approach this role with great pragmatism, recognising that not everything can be mitigated against 100%. You will need to understand the key risks, impact and what realistically can be done to mitigate those risks, with a thorough understanding of the other factors involved in delivering effective IT to our internal customers. You will also need to liaise with all other areas of the IT function to ensure they understand and agree our approach in delivering systems is essential
• Proven Cyber Security assurance experience, dealing with security risk, requirements, technologies, and architectures
• You should have a good technical background and experience working in a similar Cyber Security role with a wide range of knowledge of application, infrastructure and security technologies and in-depth knowledge of implementing them in a secure configuration within Systems/Networks/Applications/Operational Technology & Cloud environments
• In-depth knowledge of threats, risks, vulnerabilities and risk mitigations strategies and techniques
• Knowledge and a practical application of information security standards, such as HMG, NIST 800-53, NIST 800-171, DEFSTAN 05-138 and how they relate to the commercial terms placed on us by our customers these typically being DEFCON 658 and DFARS 252.204-7012 (and related DFARS)
• A familiarity with how cyber controls are applied to Operational Technology would be a major benefit
• Ability to work autonomously and manage workload and priorities based on demand from multiple projects

Desirable:

• CISSP/CISM/CCSP/CCSK and/or CCP (or equivalent to these) – Desirable in one or more certifications with good communication/presentation skills, good problem, and analytical skills, with an ability to cut through complex situations

Benefits:

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual incentive.

The IT, Cyber, Governance and Information Security team:

The role is responsible for managing the cyber security aspects of the existing IT estate, understanding the controls required for new systems and ensuring that projects consider all the required IT cyber security aspects during their lifecycle. Additionally, the role will need a pragmatic approach to the risk management of all aspects of the existing and proposed new IT Systems.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.

Closing Date: 9th August 2024

We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.

#LI-SH1

#LI-Hybrid