This job has expired

Security Lead (N.America) 1

Employer
BAE Systems Digital Intelligence
Location
London, Guildford, Gloucester, Leeds, UK Home, Great Baddow, Milton Keynes-CS, Coventry-CS, Client Site United Kingdom - Midlands, Client Site United Kingdom - Buckinghamshire, Amersham, London-CS, Client Site United Kingdom-Andover, Client
Salary
Competitive
Closing date
22 Jul 2022

Sector
Defence, Engineering, IT
Job Role
Security Consultant
Job Type
Permanent

Job Details

The Security Lead (America) is responsible for managing the risk and information security governance within the BAE Digital Intelligence division. This includes providing regulatory and data compliance support to the business. The base location is in the UK, but the Information Security & Regulatory Officer will be involved in security and data compliance for global offerings with occasional travel to other company and client sites in the US and Europe.

Core duties are to support the US region and the Financial Services business globally in the following areas: operational risk management, maintaining regulatory compliance for products and operations, and advising operations and product delivery on aspects of technical security as well as protective security. Core responsibilities include reacting to new threats and vulnerabilities, securing operational and service delivery consistent with corporate and regulatory security policies, standards and procedures, and handling security incidents of all types according to common principles and practices, consistent with legal and regulatory constraints and obligations:

  • Understanding the implementation of compliance requirements as it relates to the region and its relationship to standards in use in North America, including FFIEC, NIST, ISO 27001 certification, HIPAA/HITECH, PIPEDA, SSAE18, PCI, GLBA, GDPR, and other legal or regulatory controls.
  • Draft security related policies, Standard Operating Procedures (SOP), and technical guides as required.
  • Maintaining security documentation in line with current security frameworks.
  • Monitor and report upwards IT security vulnerabilities such as, but not limited to: malware, patching issues, lack of security software/hardware, Code of Connection, APT, viruses, worms, targeted/non-targeted network intrusion, and other IT security vulnerabilities.
  • Support the Company and other Security teams with projects.
  • Maintain records of all IT Security-related incidents to provide on-going metrics for trend analysis to drive security strategies.
  • Organise and facilitate third party network vulnerability scanning and annual penetration testing of all relevant networks as required for corporate and third party client requirements.
  • Support the business in identifying and managing risks to both the business and customer-supported offerings.
  • Directing and assessing regional Business Continuity Plans and representing the region at the group risk and security committee meetings.
  • Assist US Legal Counsel with review of security requirements within contracts.
  • Assist with Client RFP reviews.
  • Support procurement with security control reviews of third-party vendors as part of the Vendor Management Program.
  • Liaison with external compliance teams and auditors.
  • Liaison with the Data Compliance team and line management.
  • Ensure the region applies changes on policy and procedure as mandated by corporate demands.
  • Promotion and provision of security awareness for the region.


Skills & Experience

This role will work closely with numerous departments, including Business Assurance/Risk (for Internal Audit), IT Security, Infrastructure Support, and Product. Therefore, previous experience of working cohesively alongside business stakeholders is essential.

Essential:

Governance

Management responsibilities Information Security Management Requirements such as ISO 27001, SSAE18 / SOC2 Type 2, FFIEC, HIPAA/HITECH, PCI, and GDPR

Existing and Emerging Vulnerabilities

Use of penetration testing and vulnerability testing

Business Engagement

Business Continuity Planning

Operating Procedures

Operational accountability

Communications

CISSP/CISM certified

Desirable:

Previous experience in the finance industry and experience with FFIEC examination process

IT Service Management processes, such as ITIL

Life at BAE Systems Digital Intelligence

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance wellbeing.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential.

About BAE Systems Digital Intelligence

BAE Systems Digital Intelligence is home to 4,800 digital, cyber and intelligence experts. We work collaboratively across 16 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

Launched in 2022, Digital Intelligence is part of BAE Systems, and has a rich heritage in helping to defend nations and businesses around the world from advanced threats.

Division overview: Functions

At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and the business could not operate without all the dedicated work of our Functions teams. From Finance & Operations through Communications & Marketing, to HR and Site Operations and more, our Functions teams enable our divisions to implement ground-breaking digital transformations and crucial defence software.

As part of Functions, you will be supporting and partnering with our global business from the backline, being a strategic advisor within your specialist area, and ensuring the business runs smoothly and efficiently. We all have a role to play in defending our clients; and this is yours.
