Job Description

Cyber Assurance Manager (Eastern and Western Regions)

Grade: GG12 Location: Dhahran

JOB PURPOSE BAE Systems is the UK Government's nominated Prime Contractor under the Government-to-Government arrangements that are in place to provide equipment, support and training to Saudi Arabia. We provide maintenance of Royal Saudi Air Force aircraft and train RSAF personnel safely in a training environment in how to use their aircraft, equipment and weapons. BAE Systems Saudi Arabia is committed to supporting the Saudi Arabian National Agenda including Saudisation and the training and development of Saudi National capability through the growth of the Saudi National Partner Companies thereby reinforcing Industrialisation and Partnerships. RECRUITMENT SPECIFICATION

The job holder will carry out Governance, Compliance and Assurance reviews across the Eastern and Western regions ensuring alignment to Regulatory Accreditation and Global initiatives & Standards. Accountable for assuring BAE Systems Information Security Operations and Information Management. Accountable for ensuring that our customers and our Corporate Information security partners comply with our corporate security policies as set out within the IM&T Policy, Global Cyber Security Standards, BAE Systems Operational Framework. Acting as the Information Security Management (ISM) Interface to our regional customers & service providers within their region of responsibility. Assuring a quality ISM service delivery from KSA IT Service Providers within their region of responsibility. Providing assistance to local Security sources with the Information Management assurance of Facilities. Assuring Access controls, Protectively Marked Material (PMM), Responsible Document Management (RDM) & Document Creation Retention and Disposal (DCRD) and Highly Privileged Users (HPUs) and Critical Asset management within each region of responsibility. Assuring the Global (KSA) Information Security Awareness Training Programmes and initiatives. Assuring ISM activities with the Air UK CISO team as necessary. Managing and assuring the ISM compliance Return to Green (RTG) targets and corrective actions are carried out by Service Providers and the KSA business within their region of responsibility in a timely manner consistent with the agreed RTG plan. Providing and assuring data protection SME guidance and support as required within their region of responsibility. Managing and assuring compliance with and adoption of BAE Systems global best practise in regard to UK HMG Security Policy Framework, and Secure by Design principles. Managing and assuring Global Security initiatives such as Global Spear phishing and Insider Threat Programme as they occur. Providing the management direction and specialist advice for Business Information Security relating to business deliverables and service offerings and the interfaces in to external entities. Lead Investigator for the resolution of breaches and incidents detected by the security team Leads the development and assurance of the company Insider Threat Program Leads the assessment and approvals of all business requests through service request portal in regard to hardware/software/access. The job holder will provide BAE Systems in Saudi Arabia with Certificate Authority Officer management capabilities for Secure MIME email and act as the in Kingdom point of contact for the UK Head of Enterprise Federation within their region of responsibility. The job holder will complete the mandated Business unit SHE awareness training, The job holder will place SHE as an agenda item on/in all team communication and briefing sessions; The job holder will comply with all other responsibilities listed for 'All Employees' Maintaing a high level of Technical Attack Awareness in support of the company and our clients defence against information theft and technical surveillance Supports the TSCM capability deployment and development in his region (Training to be given if required). Supports the TSCM Team as a TSCM Operator and is qualified to conduct surveys alone or leading a team RECRUITMENT SPECIFICATION

Experience working in an Information Security Management position or similar role. A degree in a relevant field or UK Military experience in Cyber Security / Information Security. HMG UK Cryptographic management trained as a Cryptographic Custodian. (Can be gained in post). NB. UK MOD have directed that those handling UK Crypto must be sole UK Nationals. Strong leadership skills to provide professional Information security expertise and strong functional guidance in support of the business activities. Excellent relationship building and influencing skills to ensure that productive working ties are developed with business unit leadership in Kingdom, IT service providers, as well as developing and maintaining important and constructive working relationships with the business. Sound analytical and problem solving skills to be able to manage/solve complex security issues in a way that balances the business needs and risks with the appropriate security solutions A good understanding of applying National Security Requirements in an industrial context and preferably within the Defence industry. A good understanding of commercial security requirements affecting a major Aerospace and Defence company. An industry recognised in date IT security qualification is mandatory minimum requirement. (CISSP, CISM) Desirable: Security Auditing (CISA) (can be gained in post) A history of professional personal development within the IT Security field. BAE Systems Secure Email Certificate Authority Officer (CAO) trained The ability to influence internal and external stakeholders, up to VP level Proficiency in SFIA level 6 in information security and TSCM (latter can be gained in post)

BAE SYSTEMS At BAE Systems, we provide some of the world's most advanced, technology-led defence, aerospace and security solutions and employ a skilled workforce of some 82,500 people in over 40 countries. Working with customers and local partners, we develop, engineer, manufacture and support products and systems to deliver military capability, protect national security and people and keep critical information and infrastructure secure. All appointments in Saudi Arabia are subject to receipt of all necessary Government and/or Customer approvals.