Cyber Security & Information Assurance Advisor

GE Aviation
Full Time Remote 10.56 - 12.04 GBP Today
Job description

Job Description Summary

The Staff Regulatory Compliance Analyst will be responsible for regulatory IT compliance tasks for new and existing non-commercial (e.g., GE Enterprise) products and processes for the Digital business organization.

Job Description

In this role, you will:

  • Perform compliance assessments and data security governance reviews for internal and external service providers/product owners utilising established IT risk assessment frameworks and assessment programs

  • Implement industry compliance frameworks and/or compliance regulations (HMG/UK MOD Requirements, ISO27001/2 Standards, UK/EU DPA/GDPR Personal Data Protection Requirements)

  • Assist in the maintenance of UK Cyber Essentials Scheme certification / UK DCPP Cyber Security Model (CSM) and US NIST CMMC compliance

  • Assist in submission of Supplier Assurance Questionnaires (SAQs) and conduct Risk Assessments (RAs) as part of CSM and similar Supply Chain assurance processes
  • Assist in the submission of DART/SbD Accreditation/Assurance and Risk Balance Case Submissions in coordination with Infrastructure/Application Owners and UK MOD CyDR CySAAS
  • Conduct Firewall/Security Compliance Reviews and contribute to Architectural Reviews
  • Support Legal, Contract, Bid Teams and Functional Compliance Owners with contract reviews and customer/supplier negotiations – cybersecurity and information assurance compliance aspects
  • Assist in coordination/response to MODCERT alerts/directives and submission of WARP Incident Reports
  • Provide practical recommendations to infrastructure/application/product owners to remediate control gaps based on risks
  • Work in close daily partnership with UK, US and International Digital Technology and Cyber teams across entire technology stack

  • Work proactively as part of a cross-functional team engaging with, taking advice from and providing advice to: contracts, product, engineering, security, sourcing, legal, and compliance
  • Establish operating rhythm to report out on key metrics including status of assessments and issue management

  • Interpret regulatory and contractual requirements, stay current and utilise industry standards and best practices to drive improvements in overall security posture of infrastructure, applications and services

  • Manage the documentation and response to regulatory compliance risk exceptions and acceptances to ensure the appropriate level of business oversight

  • Support the UK Cybersecurity Officer

  • Actively engage with key regulatory agencies, customers and participate in UK DSB trade association related groups to influence regulation and interpretation

Education Qualification

Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Maths) or Vocational Equivalent, with advanced experience

Desired Characteristics

  • Experience in designing, enhancing and implementing processes (lean experience a plus)
  • CISSP/CISM/CISA certification – ISO27001 Lead Implementer/Auditor, MCIIS, ITPC, CCP or ex-CLAS a plus
  • Experience in identification and remediation of security threats and risks
  • Experience auditing technologies (e.g. Oracle ERP, Oracle Database, MS SQL, Windows, Unix, Linux, Cloud, etc)
  • Familiar with HMG/MOD Information Assurance Standards and Requirements (e.g. HMG SPF/GovS-007, NCSC & CPNI Guidance, UK MOD JSP 440, JSP 604, DEFCON 658, DEFSTAN 05-138, etc) - familiarity with International Standards and Requirements (e.g. US NIST SP 800-53, SP800-171/2, CMMC, FAR/DFARS, NATO, OCCAR, AU DSD, etc) a plus

  • Familiar with enterprise infrastructure designs and concepts including Authentication, Logging, Interconnectivity, Internet and Application Proxy, Cloud Computing, Data Centre Hosting, Application Code Security, Virtual Computing, Database Administration, Data Storage, Data Backup, Encryption, Middleware, Firewall Policy, Operational Technology, Network Segmentation, Mainframe, etc.; experience of NCSC architectural patterns and security principles a plus

  • Strong functional team player with experience working seamlessly across a heavily matrixed structure

  • Excellent interpersonal, written/verbal communication and leadership skills with the ability to quickly build credibility, influence and make recommendations to all levels

Flexible Working

GE supports and encourages flexible working arrangements, where possible, and recognises the benefits to employees of having a positive work-life balance.

Total Reward

At GE Aviation we understand the importance of Total Reward. Our flexible benefits plan, called FlexChoice, gives you freedom, choice and flexibility in the way you receive your benefits, as well as giving you the opportunity to make savings where possible.

As a new joiner to GE, we are pleased to be able to offer you the following as default in your benefit fund, which you can then tailor to meet your individual needs:

  • Non-contributory Pension
  • Life Assurance
  • Group income protection
  • Private medical cover
  • Holiday: hourly equivalent of 26 days, with flexible option to buy or sell

Right to Work

Applications from job seekers who require sponsorship to work in the UK are welcome and will be considered alongside all other applications. However, under the applicable UK immigration rules as may be in place from time to time, it may be that candidates who do not currently have the right to work in the UK may not be appointed to a post if a suitably qualified, experienced and skilled candidate who does not require sponsorship is available to take up the post. For further information please visit the UK Visas and Immigration website.

Security Clearance

Baseline Personnel Security Standard (BPSS) clearance is required and must be maintained for this role. Please note that in the event that BPSS clearance cannot be obtained, you may not be eligible for the role and/or any offer of employment may be withdrawn on grounds of national security. Please see the link below for further details regarding the requirements for BPSS clearance: https://www.gov.uk/government/publications/government-baseline-personnel-security-standard

UK Security Clearance

UK Security Clearance (SC) is required and must be maintained for this role. Candidates who do not meet the minimum requirements for UK Security Clearance are not eligible for this role on grounds of national security. If UK Security Clearance is not obtained, any offer of employment may be withdrawn on grounds of national security.

Additional Information

Relocation Assistance Provided: No

#LI-Remote - This is a remote position
