Information Security Manager

Job description

Role Purpose 

The Information Security Manager reports to the VP of IT and Security and is responsible for the professional and effective governance and management of all Information, IT and Cyber Security requirements across Draken Europe. This role forms a vital piece of the business in a constantly evolving threat landscape and must be filled by a candidate capable of obtaining appropriate SC clearance. In addition, the role provides:

  • Support to the Business Development Programme Managers to drive secure development and delivery of Mission System capabilities, to manage system accreditation and to oversee security of capabilities through-life.
  • Support to the Head of Electronic Warfare to enable the secure delivery of Electronic Warfare Operations across Draken Europe.
  • Collaboration with other Security and Safety Professionals within the business to drive a holistic approach to Enterprise security objectives.

Key Responsibilities

Information, IT & Cyber Security

  • Provision of support and Security Assurance on behalf of Draken Europe and its clients
  • Management and maintenance of the Information Security Risk Register.
  • Management and delivery of an effective Information Security Management System to support ISO27001 compliance
  • Liaising with internal and external stakeholders during information security incidents
  • Line management of a small team of information security analysts – general management responsibilities
  • Setting up, maintaining, and reviewing security controls and risk mitigation strategies
  • Maintaining a contemporary knowledge of current threats and cyber trends
  • Taking ownership of elements of the security strategy, suggesting continual improvements
  • Support to ongoing change programme from a security perspective
  • Liaising with project teams and overseeing projects from a security perspective, to ensure an effective ‘secure by design’ and ‘people first’ strategy is adopted across a variety of projects
  • Maintaining Security Governance and Risk Management reporting structures across programs, including Security Working Groups and internal governance forums
  • Overseeing, maintaining and, where required, writing up-to-date security-related documentation, including RMADS, SyOPS, Risk Balance Cases, and Registers
  • Advice and oversight of all relevant Information Security activities, ensuring compliance with DefSTAN 05-138 (Cyber Security for Defence Suppliers) and ISO/IEC 27001 (Information Security Management), as required.
  • Provide IT and Cyber Security assurance and governance for Draken Europe corporate network systems and applications and provide SME oversight and review of MSSP support arrangements and outputs.
  • Ensure Draken Europe remains compliant and up to date with all applicable legislative Security requirements and documentation.
  • Conduct or support investigations into information security incidents and/or breaches, and associated reporting to MOD.
  • Subject Matter Expert support provision to create and execute an effective audit program

Information Security Expertise

  • Providing a focal point for Document/Information, IT and Cyber Security advice across Draken Europe.

Special Conditions

  • Ad Hoc / Out-of-Hours work during urgent / unforeseen business requirements.
  • Domestic / International travel as required.
  • Any other reasonable duties that may be requested and that fall within the scope / capability of the incumbent.

Core Competencies

Qualifications

  • Security cleared to SC Level, or able to obtain – Required
  • Recognised Industry accreditations and certifications e.g. CISSP, CISM, Security Institute Membership, ISO Auditor, GIAC or other applicable professional development – Desirable

Our work is constantly evolving to support the vast array of customer needs in the defence and aerospace industry, therefore the ability to be adaptable and conduct research into knowledge gaps is essential for driving development of both the function and the individual. You should be confident in delivering presentations of solutions and designs to a wide group of individuals as some of your audience will be unaware of the technical knowledge required to fully understand the concept.

Knowledge of industry related standards and the UK’s approach to Security across technical and information domains will be advantageous in preparing you to prevail. While we value candidates with qualifications and experience that will assist them in the role, Draken also seeks to hear from individuals interested in the role with limited qualifications but abilities and attitude that would make them successful in this position. If you think you would be a good fit for our valued team and would like to support our mission of providing exceptional readiness for our customers, don’t hesitate to apply.

Background and Experience

  • An Information Security background preferably with experience of the Defence Sector, including an applied understanding of the compliance requirements of HMG documents including the SPF, GovS 007, GSC May 2018, Def Stan 05-138 and DefCon658 – Required
  • Working knowledge of ISO/IEC 27001 Information Security Management Controls - Required
  • Demonstrable Risk Management experience in writing, updating and reviewing Risk Management documentation including SyOPS, Risk Balance Cases and Policies – Required
  • Solution-based understanding of technical security and information assurance risk management across varied IT/OT scenarios – Required
  • Familiar with MoD, NIST, CUI and ITAR regulations and security constraints – Desirable
  • Understanding of the security and accreditation processes – Desirable

Personal Attributes

  • Strong Stakeholder engagement and management ability to lead on security initiatives
  • Self-motivated, assertive, resilient with the ability to hold their own
  • Excellent verbal and written communication to present information to technical and non-technical individuals at all levels of leadership
  • Ability to multi-task, working on and prioritising multiple projects and tasks concurrently
  • Excellent problem solving and analytical skills
  • Good organisational and time management skills, with the ability to achieve tight deadlines
  • High degree of computer literacy
  • Ability to maintain high levels of integrity, work ethic and confidentiality

Key Measures

  • Effective control and governance of the Information, IT & Cyber Security environment
  • Effective management of the collection of DART Targets of Accreditation (TOA)
  • Effective maintenance of operational security and compliance with industry standards.
  • Compliance with the Draken Values, standards, policies and processes
  • Contributing to the continuous improvement of Draken Europe’s Information Security System
  • Stretch Objectives set during annual Personal Development Review (PDR)

Draken is committed to eliminating unlawful and unfair discrimination and we celebrate the differences that a diverse workforce brings. A range of perspectives and talent supports our values and drives our success, with a mix of voices generating better discussions, business decisions and outcomes for all.

To us, diversity means bringing your own perspective to the conversation; inclusion means having a voice - and equality means that your voice is heard.

At all our sites internationally, every member of the Draken Europe team is accountable to ensure that we are all treated fairly and with respect.

Intolerance has no place in our Company. We condemn it outright. Instead, we strive to create a culture where each person who joins our team feels they have the opportunity to succeed, to grow, and to work within an environment where they can be themselves.

Job type: Permanent
Posted: 2022-11-29