Security Consultant
BAE Systems
- Gloucester
- Permanent
- Full-time
- Lead cybersecurity risk assessments, ensuring that risks are identified, evaluated, and appropriate mitigation strategies are developed and delivered.
- Develop a comprehensive understanding of client estates and identify security weaknesses against international standards such as ISO27001 and NIST, and develop and produce security improvement plans for the BAE Systems business and IT/OT estate, working with various security and threat teams to help prioritise and categorise systems based on their risk
- Develop and maintain the company’s cyber risk management strategy in alignment with industry best practice and regulatory requirements
- Collaborate with senior stakeholders to ensure the cyber risk management programme supports business objectives and operational needs
- Establish and maintain relationships with key stakeholders across the organisation, promoting a culture of cyber security risk awareness
- Create and set up GRC tools to track and standardise the approach to risk assessments and the ongoing management of security improvement plans.
- Lead a small and dedicated team of between 2 and 6 people and plan all activities and deliver contractual to the required quality, time and cost parameters.
- Conduct analysis of information risks at a system, platform or organisational level, including assessment of risk, identification of options for mitigation, and assessment of compliance with control
- Ability to articulate security advice, often at a technical level, directly to key customer stakeholders
- Excellent interpersonal skills as well as both written and verbal communication and presentation skills
- You will be confident tackling problems and crisis situations, inspiring confidence in the team.
- Proven ability to effectively lead multiple streams and/or deliverables with responsibility for delivering to plan.
- Ability to prioritise workload, work well under pressure and concurrently manage both customer and BAE Systems expectations
- You will have experience in a relevant commercial industry such as financial
- Robust understanding of risk management theory and frameworks (NIST, ISO)
- Previous experience working in large, internationally distributed and complex organisations
- Ability to manage and influence a wide range of senior stakeholders effectively
- Ability to effectively write reports and present to a high level
- CISSP, CRISC, CISM or other advanced cyber security certification