Cyber Security Assessment Professional

Location(s): UK, Europe & Africa : UK : Leeds || UK, Europe & Africa : UK : Gloucester || UK, Europe & Africa : UK : Guildford || UK, Europe & Africa : UK : London || UK, Europe & Africa : UK : Manchester 

Job Title: Cyber Security Assessment Professional

Location: The role will primarily be hybrid but you will be required to work out of either Gloucester, Guildford, Leeds or Guildford to perform on-site assessment work (Classified Networks) or to connect with other employees for meetings and wellbeing purposes.

What you’ll be doing

• BAE Systems has internal security assurance requirements from our Chief Information Security Officer covering all areas of the business.  You would be part of that assurance activity within Digital Intelligence, to provide the firm with confidence that our security controls are implemented and are performant and also using your knowledge around remediation, when gaps are identified.
• Working within an established/documented controls framework (Secure by Design, to confirm controls aligned to the NIST 800-53 Framework are implemented and performant for a system or application across the Digital Intelligence networks.  The firm has customised the core NIST 800-53 standard controls and documented this in the Group Cyber Security Standards (GCSS) which will be used as the compliance information needed to enable you to assess and measure against for compliance.
• Liaising with Information Management & Technology (IM&T) and Engineering System Managers to review their Level 1 self-assessments to ensure that the control evaluation evidence is complete. This evaluation serves as the Level 2 assessment and our second line of defence.
• Contributing to risk assessments as part of your work when evaluating the gaps in control effectiveness for each system.

Your skills and experiences

• Familiarity with industry standards and compliance frameworks, specifically NIST 800-53 but awareness of ISO 27001 and Cyber Essentials would be beneficial.
• Awareness and working experience of assessing security controls – specifically technical and administrative controls.  Physical controls are out of scope as they are managed by a different part of the Security team at BAE Systems.
• Exposure to Operational Technology (OT) assurance aligned with NIST controls
• Ability to obtain a UK National Security Clearance (UKSC) or have existing UKSC clearance.
• Security control assessor attitude – attention to detail and proven skills in IT system audit.
• Excellent written and oral communication skills to enable working with stakeholders from different levels within the business - technical/non-technical.
• Adept at managing multiple priorities in a dynamic environment.
• Adopts a flexible approach to work, showcasing the ability to proactively take initiative and work independently, yet equally comfortable collaborating within a team where ideas and skills are shared.
• Outgoing personality to work with our wide range of stakeholders.
• Enthusiasm all things cyber security assurance and continuous learning to keep skills and knowledge current.

Benefits

You will be working within an engaging, supportive and inclusive firm committed to your long term development and wellbeing.

As well as a competitive pension scheme, BAE also offers employee share plans, an extensive range of flexible discounted health, wellbeing & lifestyle benefits, including a green car scheme, private health plans and shopping discounts – you may also be eligible for an annual incentive.

You will also have access to continuous training via on the job learning, web based training or courses.  We will also pay for professional membership (BCS/CIISEC/ISACA/ISC2 for example) if held or gained through training whilst in the role.  Only one professional membership will be paid for.

Security Team

Digital Intelligence Security team is composed of Physical, Operational and Assurance teams who are protecting our assets – people, offices, data both company and clients. The defence industry comes with unique security challenges from many threat actors of different abilities and funding.  You will be protecting the firm’s assets and indirectly protecting the people who protect the UK way of life.

Why BAE Systems?

• This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.
• We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.”
• Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks

.