Product Cyber Resilience Manager (Radar and Advanced Targeting)

at  Leonardo UK Ltd

SKILL, QUALIFICATIONS & KNOWLEDGE - WHAT WE ARE LOOKING FOR?

In broad terms, you should have as many of the following as possible:

• Practical experience of developing a security or safety risk management system for complex products based on a recognised framework in a highly regulated industry such as aerospace, nuclear, automotive, rail or oil & gas;
• Practical experience of the System Development Life Cycle, Software Development Life Cycle, V-Models and Agile frameworks;
• Effective and flexible communication and interpersonal skills;
• Ability to interact with subject matter experts on a wide range of technical and operational topics;
• Excellent written and verbal communication skills, with the ability to coach and develop others;
• Ability to obtain SC security clearance and work within UKEO and US ITAR TAA restrictions;
• The ability to understand complex engineering processes and the inter-dependency of the process components;
• A passion for promoting and improving the safety and security of complex systems.

It would be desirable, but not essential, if you also had one or more of:

• Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF);
• Knowledge of UK/NATO Information Assurance/Accreditation frameworks;
• Familiarity with the application of cyber resilience controls to embedded systems.

Primary Location:
GB - Edinburgh

WHAT YOU WILL DO:

Reporting to the relevant Head of Engineering Projects, you’ll be responsible for the provision of specialist, subject matter advice to the Integrated Product Teams within the line of business, whilst collaborating with your fellow Product Cyber Resilience Managers (PCRMs) across the enterprise.
You will be responsible for determining product cyber resilience objectives through security risk management techniques in regards to the Integrated Sensing products and then working with the engineering teams to achieve those objectives through the architecture and design the solution. You’ll also support the product assurance activities to verify compliance to those objectives and the transition to operations and ongoing through-life support.
The role will also include a focus on training and mentoring of RATS engineering staff of the internal IPTs in responsible roles to increase the awareness of cyber resilience as an issue.
As a key expertise to the RATS business and an associate of the Design Integrity function, you may be asked to undertake independent reviews and assessments of the outputs of your fellow PCRMs and IPTs of the other product sectors within RATS and potentially across Leonardo Electronics Division Lines-of-Business (LoB).
You’ll be working closely with supportive, talented and innovative engineers across the engineering delivery disciplines, contributing to continual improvement of the engineering capability of the RATS LoB, whilst also building strong relationships with our customers, partners and the specialist agencies within the UK and globally.
Day to day, you will be working closely with the Integrated Sensing Sector engineering delivery disciplines and IPTs, satisfying the contractual and regulatory cyber resilience requirements of systems supporting and delivering the assurance activities necessary for airborne systems, including Mission Critical and Flight Safety involved systems, often with demanding safety and security requirements themselves.

You will:

• Undertake the production of Security Managements Plans, work package descriptions and cost estimates in support of product bids, services and proposals.
• Review and provide guidance of security risk assessments, risk mitigation plans, mitigation gap analysis and preparation of security management documentation for system Accreditation, such as solution hardening guidance and security operating procedures.
• Defining product security requirements, advising development teams on suitable implementation standards and techniques and overseeing product development activities.
• Liaison with Security Accreditors and Security Assurance Coordinators in support of security Accreditation.
• Participate in internal and external discipline working groups and with academic partners covering Product Cyber Resilience and Product Security for various established and emerging standards.
• Contribute to continual improvement of the engineering capability within the RATS LoB.

LOCATION OF THE ROLE:

The RATS IPTs are mainly located in Edinburgh and Newcastle, but the Leonardo Electronics Division also has office facilities in Basildon, Luton, Southampton, Yeovil, Bristol and Lincoln.
Leonardo operates a system of “Custom Working” whereby remote or home working can be recognised from 0% to 100% depending upon role and business needs. As part of this, there may be a requirement for occasional travel to other locations within the UK and internationally.