Cybersecurity Operations Lead

The primary purpose of the Cybersecurity Operation Lead (COL) is to work with the UWS Head of Engineering Operations to develop and optimise enhance all non-IS and ‘product’ related development environments on which UWS solutions are developed and to manage the cyber posture of our deployed solutions within our customers operational environment as part of In-Services support phase.

• Management of the cyber posture of Business Managed Networks (BMNs), test benches & cloud platforms, to ensure the ongoing compliance with Thales Group Policy, Cybersecurity instructions, as well as UK national cyber regulations and customer contractual obligations.
• Define and manage the approach to supporting cyber changes to in-service products.
• Ensure that all necessary resources (human, technical, financial, etc.) are quantified and captured to comply with cybersecurity requirements, rules, and regulations for BMNs, test benches, cloud platforms during the bid phase to ensure adequate cybersecurity provision.
• Endorse the assignment of cyber resource for Project Security Officer (PSO) roles to deliver appropriate assurance of the project development environment in accordance with contractual obligations and the UK Corporate ISMS.
• Coach, mentor and provide advice to allocated PSO resource in the interpretation of contractual obligations, cyber security policy and UK Corporate ISMS.
• Review, approve and monitor implementation of project security management plans in accordance with the UK Corporate ISMS; identify opportunities to mutualise, establish consistencies and achieve efficiencies.
• Ensure BMNs approval for operation and interconnections are authorised in accordance with the UK Corporate Security BMN process in collaboration with the UK Corporate Security function and UK Chief Information Security Officer (CISO).
• Monitor, audit and report on BMNs operation and maintenance activities to business stakeholder to determine alignment with the risk tolerance of the organization.
• Define and ensure capabilities (tools, processes and roles) are in place for in-service support phase for solutions, projects and services.
• In coordination with legal and contracts teams, analysis cybersecurity specific contractual clauses, Security Aspect Letters, DEFCON’s and DEF STAN’s to quantify and capture Thales’ obligations.
• Support the procurement teams to evaluate supplier’s cybersecurity maturity and ability to meet customer’s contractual obligations.
• Define the UWS UK business incident management process in coordination with the UWS CyDA/CyAM.
• Participate in resolution of cyber security incidents and crisis related to deployed solution, BMN’s and supplier’s including reporting in accordance with contractual obligations.
• Define and ensure secure disposal of solutions, BMNs and customer data in accordance with contractual obligations.
• In cooperation with the UWS CyDA conduct a Cyber security maturity assessment of UWS UK on an annual basis.
• Analysis results and provide cyber input into the Engineering Performance Plan (EPP) to support MYB process.
• Take ownership and manage delivery of EPP and Cyber objectives, report progress and outcomes.
• Developing the Cyber Security Management System (CSMS), associated RACI and cyber skills enhancements required across the UWS UK business.
• Act as part of a wider Engineering Operations team, focused on ensuring that the engineering management team are able to operate as efficiently as possible.

• Degree in Engineering, Computer Science or any other related field in university [preferably with a speciality in Cryptology, Control systems or Cybersecurity]

• Knowledge of relevant information security standards, e.g. UN-R155, UN-R156, ISO 21434, ISO 27001 and ISO 27005
• Knowledge of Chorus 2.0 processes (or similar BMS/QMS) and the regulatory framework that Thales operates within
• Familiar with data analysis, data processing and IT and cyber security
• Leadership and team management: lead by example, inspire, motivate and engage teams, provide direction, support and develop individuals, delegate responsibilities, encourage…