Head of Product Security Capability (UK)

Leonardo Lincoln, England, United Kingdom

The main purpose of this role is the coordination of product cyber resilience activities, in particular, within the technical and business functions, to ensure continued product compliance with internal and external cyber security standards. Working with the senior leadership team within Product Security across all lines of business, you will have responsibility for the Electronics UK Product Security and Information Management System, security tools and process and their effectiveness.

Your Impact

Working in our Electronics division (LEUK), you will have responsibility for the coordination of product cyber resilience activities. You will also lead the Product Compliance Team Product Security Working Group. The role is working on a hybrid basis and can be based at any of the following sites; Edinburgh, Luton, Basildon, Southampton, Newcastle, Bristol and Lincoln.

Responsibilities:

• Partnering with technical and business functions across LEUK to ensure continued compliance with internal and external cyber security standards.
• Maintain the Electronics Product Security and Information Management System, security tools and process.
• Liaise with external Security Accreditors and Security Assurance Coordinators in support of security accreditation.
• Regularly refresh current knowledge of security legislation in UK, EU and relevant markets for LEUK.
• Advising internal stakeholders to promote security culture, working with security teams to ensure secure working practices are adhered to.
• Developing and delivering training courses and presenting on Product Security and Information Assurance matters.
• Performing audits of internal and external subcontract teams assuring that security and Information Assurance requirements are achieved.

Requirements:

• Recent Hands-on experience of developing a robust security risk management system for complex products and high integrity electronic systems.
• Familiarity with current Legislation – eg IPA, DPA, Official Secrets Act.
• Registration with NCSC Certified Professional at lead level, or equivalent NCSC recognised qualification.
• Knowledge of UK/NATO Information Assurance standards, procedures & systems, including HMG Security Policy Framework, ISO security standards, DO326A.
• Familiarity with incident investigation processes and knowledge of how to implement an investigation process.
• Practical experience of NCSC and Common Criteria security evaluation techniques and requirements up to High Grade.
• Knowledge of current Crypto technologies, Key Management Systems & practical COMSEC implementations.

What we offer:

• Generous leave with the opportunity to accrue up to 12 additional flexi-days each year.
• Award-winning pension scheme with up to 15% employer contribution.
• Free access to mental health support, financial advice, and employee-led networks championing inclusion and diversity.
• Bonus scheme for all employees at management level and below.
• Free access to 4,000+ online courses via Coursera and LinkedIn Learning.
• Refer a friend scheme with a financial reward.
• Flexible benefits including private healthcare, dental, family cover, tech & lifestyle discounts, gym memberships and more.
• Flexible working hours with hybrid working options.

Leonardo is a global leader in Aerospace, Defence, and Security. We are committed to building an inclusive, accessible, and welcoming workplace. If you have any accessibility requirements to support you during the recruitment process, just let us know.

Leonardo is an equal opportunities employer. We welcome applications from all sections of the community and are committed to equal opportunities for all.