Security Risk & Assurance Manager

Job Title: Security Risk & Assurance Manager

Location: Scotstoun, New Malden, Portsmouth, or Filton – We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role

Salary: Up to £66,500 depending on experience

What you’ll be doing:

· Manage and deliver the Naval Ships Security Assurance Audit schedule

· Develop the Governance, Risk and Compliance (GRC) strategy for all aspects of Information, Operational and Programme Security across the Naval Ships Line of Business. Represent Naval Ships at the Maritime and Land GRC Working Group. Monitor, assess and present on Threat Intelligence

· Input into the functional Security Strategy, Operating Model and Framework ensuring compliance with domestic and international regulatory security requirements

· Manage and direct Protective Site Security Risk Assessments for all Naval Ships facilitates and critical assets. Develop a Site Security Controller (SSC) Risk Community of Practice

· Support Naval Ships Cyber Security Risk Assessments liaising with IM&T and Cyber as required. Represent Naval Ships at the Maritime and Land Cyber Risk Working Group

· Represent Security at Business Quarterly Risk Reviews, liaising with Risk and Mitigation owners as required

· Support the assessment of Security incidents and investigations. Author comprehensive security investigation reports for submission to the customer

Your skills and experiences:

Essential:

· Excellent understanding of Security Frameworks including NIST

· A strong understanding in the implementation of Information Security classifications, conditions and export requirements

· Experience in Cyber Security, specifically in relation to DEFCON658 compliance, DEFSTAN 05-138, and ICT Accreditation / Secure by Design

· Experience of Managing a team

· Experience of INFOSEC, Operations Security

Desirable:

· Degree in Information Security, Cyber Security or related field

· Relevant professional certifications such as CISSP, CISM or CRISC

· ISO 27001 Lead Auditor or Implementer

Benefits:

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual incentive.

Our Team:

As the Governance, Risk and Compliance Manager – Naval Ships Security, you will manage and deliver the security Risk Management, Compliance and Assurance activities across the Information Security, Operational Security and Programme Security functions. You will ensure that the Naval Ships Security Operating Model, policies, processes and controls align to and comply with industry and customer standards and regulatory requirements.

You will deputise for the Naval Ships Head of Security as required and support regular business reporting to senior Business Unit, Sector and Group stakeholders.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.”

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.

Closing Date: 8th January 2024.

Interviews will commence from the 22nd of January 2024.

We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.