Cybersecurity Operations Lead

Location: Templecombe, United Kingdom

Thales people provide armed forces customers with operational advantage at every decisive moment throughout the mission. Defence and armed forces customers rely on us to deliver the full range of defence mission systems solutions at land, sea, and air. Our platforms extend across the battlespace including Above and Sonar, Electronic Combat, and Intelligence, Surveillance and Reconnaissance systems.

Together we offer fantastic opportunities for committed employees to learn and develop their career with us. At Thales UK, we research, develop, and supply technology and services that impact the lives of millions of people each day to make life better, and keep us safer. We innovate across the major industries of Aerospace, Defence, Security and Space. Your health and well-being matters to us and that’s why we offer you the flexibility to do what’s important to you; whether that’s part time hours, job sharing, home working, or the ability to flex your start and finish times. Where possible, we support a working pattern that suits your lifestyle and helps you reach your ambitions.

The primary purpose of the Cybersecurity Operation Lead (COL) is to work with the UWS Head of Engineering Operations to develop and optimise enhance all non-IS and ‘product’ related development environments on which UWS solutions are developed and to manage the cyber posture of our deployed solutions within our customers operational environment as part of In-Services support phase.

This role will focus on: 1) management of the cyber posture of Business Managed Networks (BMNs), test benches & cloud platforms, to ensure the ongoing compliance with Thales Group Policy, Cybersecurity instructions, as well as UK national cyber regulations and customer contractual obligations; and 2) define and manage the approach to supporting cyber changes to in-service products.

This role demands professional engineering management capabilities, strong leadership, and management skills. It involves the ability to understand and thrive in complex situations, simplifying and shaping solutions from complexity, and providing clarity to others. It also necessitates accomplished stakeholder management skills to maintain a strong cross-discipline network, within and outside of UWS.

Principal Relationships:

As part of the UWS Engineering Operations team you will interact with the following key roles:

• The UWS Cybersecurity Operation Lead reports to the UWS Head of Engineering Operations

• The UWS Cybersecurity Operation Lead works closely with the UWS Engineering Director, UWS Heads of Engineering Discipline and UWS Heads of Engineering Delivery to understand demands and requirements of the UWS business

• The UWS Cybersecurity Operation Lead works closely with the UWS Cyber Design Authority (CyDA)/Cyber Assurance Manager (CyAM), the UK Corporate Security function and UWS SIRO.

Key Responsibilities and Tasks:

The list below is indicative of the tasks within the Cyber Operations Lead role:

•           Secure Development Environments:

• Ensure that all necessary resources (human, technical, financial, etc.) are quantified and captured to comply with cybersecurity requirements, rules, and regulations for BMNs, test benches, cloud platforms during the bid phase to ensure adequate cybersecurity provision.

• Endorse the assignment of cyber resource for Project Security Officer (PSO) roles to deliver appropriate assurance of the project development environment in accordance with contractual obligations and the UK Corporate ISMS.

• Coach, mentor and provide advice to allocated PSO resource in the interpretation of contractual obligations, cyber security policy and UK Corporate ISMS.

• Review, approve and monitor implementation of project security management plans in accordance with the UK Corporate ISMS; identify opportunities to mutualise, establish consistencies and achieve efficiencies.

• Ensure BMNs approval for operation and interconnections are authorised in accordance with the UK Corporate Security BMN process in collaboration with the UK Corporate Security function and UK Chief Information Security Officer (CISO).

• Monitor, audit and report on BMNs operation and maintenance activities to business stakeholder to determine alignment with the risk tolerance of the organization.

•           In-Service Support:

• Define and ensure capabilities (tools, processes and roles) are in place for in-service support phase for solutions, projects and services.

• In coordination with legal and contracts teams, analysis cybersecurity specific contractual clauses, Security Aspect Letters, DEFCON’s and DEF STAN’s to quantify and capture Thales’ obligations.

• Support the procurement teams to evaluate supplier’s cybersecurity maturity and ability to meet customer’s contractual obligations. 

• Define the UWS UK business incident management process in coordination with the UWS CyDA/CyAM. Participate in resolution of cyber security incidents and crisis related to deployed solution, BMN’s and supplier’s including reporting in accordance with contractual obligations.

• Define and ensure secure disposal of solutions, BMNs and customer data in accordance with contractual obligations.

•           Cyber Improvements:

• In cooperation with the UWS CyDA conduct a Cyber security maturity assessment of UWS UK on an annual basis. Analysis results and provide cyber input into the Engineering Performance Plan (EPP) to support MYB process.

• Take ownership and manage delivery of EPP and Cyber objectives, report progress and outcomes.

• Developing the Cyber Security Management System (CSMS), associated RACI and cyber skills enhancements required across the UWS UK business.

• Act as part of a wider Engineering Operations team, focused on ensuring that the engineering management team are able to operate as efficiently as possible. This includes supporting the monthly engineering reporting cycle through provision of metrics and identification of actions, blockers, issues, etc. to be resolved.

Skills & Behaviours

Essential

• Degree in Engineering, Computer Science or any other related field in university [preferably with a speciality in Cryptology, Control systems or Cybersecurity]

• Knowledge of relevant information security standards, e.g. UN-R155, UN-R156, ISO 21434, ISO 27001 and ISO 27005

• Knowledge of Chorus 2.0 processes (or similar BMS/QMS) and the regulatory framework that Thales operates within

• Familiar with data analysis, data processing and IT and cyber security

• Leadership and team management: lead by example, inspire, motivate and engage teams, provide direction, support and develop individuals, delegate responsibilities, encourage collaboration

• Problem evaluation: problem characterisation, problem structuring, analysing information, documenting evidence, interpreting data, presenting solutions

• Driving success: taking action, seizing opportunities, pursuing goals, motivating others, building teams

• Building collaboration: persuading and negotiating with own perspective, listening and engaging to other perspectives, working towards creating shared objectives and actions

• Building network: identifying and meeting stakeholders, building relationships, establishing rapport,  maintaining relationships, understanding people, valuing individuals

• Communication: influencing people, articulating/translating information, creating and delivering communication plans

Desirable

• Knowledge of Thales business structures and processes. How UWS operates and how we use toolsets to promote efficiency (incl. Thales and UWS internal processes, i.e. S&OP (Supply & Operational Planning))

• Project management approaches, tools and techniques. You can adopt those most appropriate for the environment

Security Clearance Statement:

Due to the nature of the work that we do at Thales, many of our roles are subject to security restrictions.  This role requires you to be a UK National and achieve Security Clearance (SC) without any caveats. It would be advantageous if currently held, however, if not currently held, it is a requirement that the successful applicant undergo, achieve, and maintain SC Clearance prior to commencing employment.  If approved by the MOD, a dual national from a Non-ITAR country may be considered.  Please visit the UKSV website for further guidance.

To be eligible for full SC, you generally need to have resided in the UK for the last 5 years.  In some circumstances, a minimum of 3 years’ residence in the UK over the last 5 years may be accepted, with additional overseas checks.

#LI-DB1

In line with Thales' Baseline Security requirements, candidates will be asked to provide evidence of identity, eligibility to work in the UK and employment and/or education history for up to three years. Some vacancies may require full Security Clearance which can require further evidence to be provided. For further details of the evidence required to apply for Baseline and Security Clearance please refer to the Defence Business Services National Security Vetting (DBS NSV) Agency.

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working.

Thales UK is committed to providing an inclusive and barrier-free recruitment process. We will provide reasonable adjustments and support to ensure neuro-diverse applicants or those with a disability or long-term condition can be their best during the recruitment process. To request an adjustment, if you need this job advert in an alternative format or if you have any questions about the recruitment process, please contact Resourcing Ops for mid to senior roles, or the Early Careers Team for graduate and apprentice roles.

Great journeys start here, apply now!