Job Description

Position description (high level summary, 2 - 3 statements)

Working within the Maritime Services Security team, this new role will see you working across all branches of security functions and external supplier site locations, supporting the delivery and application of security in support of Programme delivery, undertaking specified work as commissioned by the Security Operations Manager in line with Supply Chain Governance requirements.

You will be responsible for Information Security supply chain assurance and act as the interface between the business and suppliers, establishing collaborative working practices that support the integrity of security management measures and ensure that legislation and company policies are being followed.

The role will execute security responsibilities for one or more complex Security work streams in order to protect BAE Systems, its people, infrastructure, information and assets, as well as the interests of its shareholders and customers, and to fulfill regulatory and legal obligations.

Core Activity (key day to day tasks, ideally 10 - 12 points)

  • Ensuring demonstrable compliance with the requirements of the Defence Cyber Protection Partnership and generating Security Aspects Letters in line with HMG Policy.
  • Ensuring demonstrable compliance with defence industry contractual security requirements, including but not limited to the Defence Federal Acquisition Regulation Supplement (DFARS), NATO and OCCAR.
  • Provide security advice and guidance to the business group's internal and external stakeholders and make recommendations to improve security solutions for the work stream.
  • Conduct and review security risk assessments and define operational requirements for the assigned work stream to protect critical assets.
  • Oversee security tasks and coordinate security services based on relevant policies, standards, procedures, contractual requirements and best practices of the assigned work stream(s).
  • Analyse information security requirements and assess compliance with them, developing action plans to address identified non-compliances.
  • Assess the adequacy of the security measures within the business area to ensure that policies and procedures are up to date and take account of developments.
  • Build effective relationships and coordination with key local functions and business representatives.
  • Influence the security culture by raising security awareness amongst employees, management and suppliers, modelling behaviours that demonstrate BAE Systems values.
  • Attending supplier sites to conduct security audits and advise on information security requirements, standards and legislation.
  • Managing security incidents, including the investigation of incidents and remedial action.
  • Lead supply chain information security risk assessments and track remedial activities through to resolution to improve information security performance.
  • Generating a business network appropriate to specific role requirements and maintaining positive relationships with internal and external stakeholders to ensure information security is at the forefront of business decisions.
  • Communicating security aspects authoritatively, as appropriate, to programmes, partners and suppliers, and engendering continuous improvement to embed an effective security culture.

Key Accountabilities (ideally 10 - 12 points)

- Conduct security assurance activities across the Line of Business supply base to protect company, customer and partner information.

- Ensure threats to company, customer and partner information are highlighted and resultant risks managed.

- Promote an ethos of both technical and procedural security knowledge sharing with key stakeholders.

- Be accountable for the quality of the security advice given and tasks completed. The role holder's work is linked closely to the work of others within the business and is therefore likely to impact on the overall effectiveness of the function and business.

- Be an advocate of Information Security.

- Participate in security audits to meet Government regulatory requirements and industrial certification.

- Advise suppliers on security enhancements to meet Government regulatory requirements and industrial certification.

Qualifications/Functional Knowledge

- Relevant degree or equivalent in a Computing, Information Systems, Security-related or Supply Chain subject.

- Industry-recognized Information Security, Supply Chain or audit qualification is highly desirable.

- Two years' experience in a similar role.

- Demonstrable knowledge and experience of Information Security principles and processes (ISO27001/2).

- Demonstrable knowledge and experience of Supply Chain principles and processes.

- Working towards Information Security qualification (e.g. MSc, CISM, CISSP) is highly desirable.
