Cyber Security & Information Assurance Advisor


GE Aviation
Full Time Remote 10.56 - 12.04 GBP Today
Job description

Job Description Summary

The Staff Regulatory Compliance Analyst will be responsible for regulatory IT compliance tasks for new and existing non-commercial (e.g., GE Enterprise) products and processes for the Digital business organization.

Job Description

In this role, you will:

  • Perform compliance assessments and data security governance reviews for internal and external service providers/product owners utilising established IT risk assessment frameworks and assessment programs
  • Implement industry compliance frameworks and/or compliance regulations (HMG/UK MOD Requirements, ISO27001/2 Standards, UK/EU DPA/GDPR Personal Data Protection Requirements)
  • Assist in the maintenance of UK Cyber Essentials Scheme certification / UK DCPP Cyber Security Model (CSM) and US NIST CMMC compliance
  • Assist in submission of Supplier Assurance Questionnaires (SAQs) and conduct Risk Assessments (RAs) as part of CSM and similar Supply Chain assurance processes
  • Assist in the submission of DART/SbD Accreditation/Assurance and Risk Balance Case Submissions in coordination with Infrastructure/Application Owners and UK MOD CyDR CySAAS
  • Conduct Firewall/Security Compliance Reviews and contribute to Architectural Reviews
  • Support Legal, Contract, Bid Teams and Functional Compliance Owners with contract reviews and customer/supplier negotiations – cybersecurity and information assurance compliance aspects
  • Assist in coordination/response to MODCERT alerts/directives and submission of WARP Incident Reports
  • Provide practical recommendations to infrastructure/application/product owners to remediate control gaps based on risks
  • Work in close daily partnership with UK, US and International Digital Technology and Cyber teams across entire technology stack
  • Work proactively as part of a cross-functional team engaging with, taking advice from and providing advice to: contracts, product, engineering, security, sourcing, legal, and compliance
  • Establish operating rhythm to report out on key metrics including status of assessments and issue management
  • Interpret regulatory and contractual requirements, stay current and utilise industry standards and best practices to drive improvements in overall security posture of infrastructure, applications and services
  • Manage the documentation and response to regulatory compliance risk exceptions and acceptances to ensure the appropriate level of business oversight
  • Support the UK Cybersecurity Officer
  • Actively engage with key regulatory agencies, customers and participate in UK DSB trade association related groups to influence regulation and interpretation

Education Qualification

Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Maths) or Vocational Equivalent, with advanced experience

Desired Characteristics

  • Experience in designing, enhancing and implementing processes (lean experience a plus)
  • CISSP/CISM/CISA certification – ISO27001 Lead Implementer/Auditor, MCIIS, ITPC, CCP or ex-CLAS a plus
  • Experience in identification and remediation of security threats and risks
  • Experience auditing technologies (e.g. Oracle ERP, Oracle Database, MS SQL, Windows, Unix, Linux, Cloud, etc)
  • Familiar with HMG/MOD Information Assurance Standards and Requirements (e.g. HMG SPF/GovS-007, NCSC & CPNI Guidance, UK MOD JSP 440, JSP 604, DEFCON 658, DEFSTAN 05-138, etc) - familiarity with International Standards and Requirements (e.g. US NIST SP 800-53, SP800-171/2, CMMC, FAR/DFARS, NATO, OCCAR, AU DSD, etc) a plus
  • Familiar with enterprise infrastructure designs and concepts including Authentication, Logging, Interconnectivity, Internet and Application Proxy, Cloud Computing, Data Centre Hosting, Application Code Security, Virtual Computing, Database Administration, Data Storage, Data Backup, Encryption, Middleware, Firewall Policy, Operational Technology, Network Segmentation, Mainframe, etc. - experience of NCSC architectural patterns and security principles a plus
  • Strong functional team player with experience working seamlessly across a heavily matrixed structure
  • Excellent interpersonal, written/verbal communication and leadership skills with the ability to quickly build credibility, influence and make recommendations to all levels

Flexible Working

GE supports and encourages flexible working arrangements, where possible, and recognises the benefits to employees of having a positive work-life balance.

Total Reward

At GE Aviation we understand the importance of Total Reward. Our flexible benefits plan, called FlexChoice, gives you freedom, choice and flexibility in the way you receive your benefits, as well as giving you the opportunity to make savings where possible.

As a new joiner to GE we are pleased to be able to offer you the following as default in your benefit fund, which you can then tailor to meet your individual needs:

  • Non-contributory Pension
  • Life Assurance
  • Group income protection
  • Private medical cover
  • Holiday: hourly equivalent of 26 days, with flexible option to buy or sell

Right to Work

Applications from job seekers who require sponsorship to work in the UK are welcome and will be considered alongside all other applications. However, under the applicable UK immigration rules as may be in place from time to time, it may be that candidates who do not currently have the right to work in the UK may not be appointed to a post if a suitably qualified, experienced and skilled candidate who does not require sponsorship is available to take up the post. For further information please visit the UK Visas and Immigration website.

Security Clearance

Baseline Personnel Security Standard (BPSS) clearance is required and must be maintained for this role. Please note that in the event that BPSS clearance cannot be obtained, you may not be eligible for the role and/or any offer of employment may be withdrawn on grounds of national security. Please see the link below for further details regarding the requirements for BPSS clearance: https://www.gov.uk/government/publications/government-baseline-personnel-security-standard

UK Security Clearance

UK Security Clearance (SC) is required and must be maintained for this role. Candidates who do not meet the minimum requirements for UK Security Clearance are not eligible for this role on grounds of national security. If UK Security Clearance is not obtained, any offer of employment may be withdrawn on grounds of national security.

Additional Information

Relocation Assistance Provided: No

#LI-Remote - This is a remote position
