Supply Chain Security Assurance Officer

Job City:  Guildford
Professional Area:  Security
Job Req ID:  119383

BAE Systems Digital Intelligence is home to 4,800 digital, cyber and intelligence experts. We work collaboratively across 16 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

 

 

BAE Systems Digital Intelligence

Role Profile

1. Role Details

Job Role:  Information Security Supply Chain Officer
Reports To (job role):  Information Security Assurance Lead
Business Unit/Capabilities/Function:  Security
Sub Group/Practice:  Information Security Team
Grade:  F04
Date Created:  May 2023

2. Role Purpose

  • Information Security’s mandate is to reduce risk exposure and certify that controls are in place to assure the confidentiality, integrity and availability of information flow, both internally and externally.
  • Team members work in collaboration with Programme and Project Managers, Architects, Business Analysts, Suppliers and specialist teams (Procurement, Data Privacy, Engineering, Cloud Operations, Networking and Infrastructure).
  • As Information Security Supply Chain Officer you will be working within a multifaceted group, providing, managing and promoting Supply Chain Management (“SCM”) on behalf of Digital Intelligence.
  • As the SCM SME (Subject Matter Expert) you will certify compliance, risk mitigation/elimination and critical security control observance of Digital Intelligence’s supply chain.
  • Additional duties, for example during peak workflows or leave cover, will be to provide assistance by undertaking other analytical and reporting duties.

3. Core Duties / Key Accountabilities

  • Information Security’s main point of contact for Supplier management, maintenance and reassessment.
  • 3rd party and selective 4th party vendor assessments, liaising with the Supplier Owners, corresponding with vendors, assessing submissions, and subsequently approving/rejecting applications.
  • Maintaining master records, undertaking annual/bi-annual and tertiary reassessments.
  • Support in the measurement and reporting of Supplier risk and associated threat management.
  • Maintain relationship with risk management SaaS platform provider.
  • Assist in activities to preserve Supplier compliance with BAE Systems standards; NIST 800-53, ISO27001, Cloud frameworks and allied legal and regulatory controls.
  • Support the InfoSec Assurance Officer and/or Lead in the provision of various local and regional security services.
  • Provide assistance to other InfoSec team members when requested, for example InfoSec Operations, assisting with workloads and knowledge transfer.
  • Accept ad-hoc responsibilities as directed by the Head of Information Security or Chief Security Officer.
  • Promote and embrace BAE Systems Behaviours.

Budget Holder Responsibility (if applicable):

  • N/A

Vendor Management Responsibility (if applicable):

  • Liaison with Procurement, Privacy/Legal team, Supplier Owners, 3rd Party Vendors, and Service Providers.
  • Liaison with Project teams collectively or individual team members.
  • Liaison with Stakeholders.

Direct Reports (if applicable):

  • N/A

Accountable for overall headcount of (if applicable):

  • N/A

 

4. Functional Knowledge (Requirements for knowledge of functional work and activities, the technical expertise)

Requirements:

  • Experience of working within Supplier Relationship Management, enterprise-wide assessment of Suppliers’ security posture, performance and capabilities.
  • Ability to work within a multifaceted team environment, possessing organisational, time management and discretionary skills.
  • An ability to work independently and engage with 3rd and 4th Party Vendors, Supplier Owners, Service Providers, Procurement, Data Privacy, Project Teams and stakeholders.
  • Analytical, problem-solving and interpersonal skills.

 

Desirable Qualifications:

  • Desirable: recognised professional or security qualification, supply chain management certification, membership of an applicable professional organisation, e.g. IoSCM, ASCM
  • Excellent communications and documentation skills.
  • Ability to obtain Security Check (SC) clearance.
  • UK National status or equivalent residency status.

 

5. Business Expertise (Requirements of the role for knowledge and expertise about the business, rather than the technical expertise)

  • Understanding key connections, roles and relationships.

 

6. Leadership (Requirements of the role for providing leadership and guidance to others, complexity of team(s) managed)

  • Direction and support of BAE Systems Digital Intelligence employees, providing expertise and guidance.

 

7. Problem Solving (Breadth of mental skills required in order to perform the role)

  • Applying process, policy and procedure to ensure personnel, infrastructure, information and assets are secure.
  • Ability to identify and effectively communicate business related security risks.

 

8. Nature of Impact (Impact on business by detailing the overall responsibility associated with the role)

  • Responsible for ensuring continual compliance in line with Assurance activities.

 

9. Area of Impact (Business area impacted Delivery/Functional)

  • BAE Systems plc and subsidiaries including personnel, infrastructure, Cloud, information and assets.

10. Interpersonal Skills (Type of people skills required to perform the job, internal/external)

Desirable:

  • Ability to take a risk-based and pragmatic approach on activities to organise, prioritise and action a variety of tasks through to conclusion.
  • Experience with real world supply chain security issues, gained from working with commercial and/or non-commercial business systems.
  • A comprehension of IT infrastructure (on and off premises) and how security principles are applied.
  • Working understanding of, but not limited to, Cloud security, identity and access management, change management, security governance, cryptology, threat landscape.

Requirements:

  • Key Interpersonal Skills:
  • Able to work on own initiative as well as guide team members.
  • An ability to manage time and commitments.
  • Ability to communicate effectively across a variety of organisational levels and with internal and external stakeholders.
  • Drive to develop and maintain key relationships with Business Division and Function teams and managers.

Life at BAE Systems Digital Intelligence 

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.

By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds – the best and brightest minds – can work together to achieve excellence and realise individual and organisational potential.

Division overview: Functions

At BAE Systems Digital Intelligence, we pride ourselves on being a leader in the cyber defence industry, and the business could not operate without all the dedicated work of our Functions teams. From Finance & Operations through Communications & Marketing, to HR and Site Operations and more, our Functions teams enable our divisions to implement ground-breaking digital transformations and crucial defence software.

As part of Functions, you will be supporting and partnering with our global business from the backline, being a strategic advisor within your specialist area, and ensuring the business runs smoothly and efficiently. We all have a role to play in defending our clients; and this is yours.

 
