At Boeing, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Introduction:
Boeing Defence UK (BDUK) is a subsidiary of the Boeing Company and currently employs over 1,500 people in the UK. BDUK is currently responsible for delivering support to a variety of Logistics Applications via the Bridging the Gap (BtG) contract. As part of the delivery of this contract the Information Assurance Team provides assurance support to the MOD which encapsulates supporting a number of applications to the standards required by both Boeing and the BtG contract.
The Role:
An exciting opportunity has become available to join the BDUK Information Assurance Team as an Information Assurance Adviser in support of the BtG contract.
This Information Assurance Adviser position is an opportunity to join a multi-skilled security team that delivers all aspects of protective security to BDUK, including information security and assurance, personnel security, business continuity and counter threat support and risk advice. The successful candidate would be a part of a supportive team of around 25, with access to varied work and opportunities to progress their career alongside the growth of the business. At Boeing we’re committed to rewarding excellence and fostering an inclusive environment where team members are seen, heard, valued, respected and fully engaged.
Responsibilities:
The Information Assurance Adviser maintains the deployment of programme Information Security and Assurance for assigned systems to meet the programme and enterprise requirements, policies, standards, guidelines and procedures:
Performs Information Assurance and Security compliance through continuous monitoring.
Performs and participates in Information Assurance and Security assessments and audits.
Prepares, reviews, and presents technical reports and briefings.
Identifies and contributes to the identification of root causes, prioritizes threats and recommends/ implements corrective action.
Demonstrates technical knowledge and methods regarding information security best practices.
Supports and explores enterprise-wide information security policies, standards, guidelines and procedures that may reach across multiple stakeholder organizations.
Support BDUK assurance interests at the GOSCC at Corsham.
This position is based in Bristol, UK with some possibility of flexible work arrangements. The selected candidate will be required to spend time onsite within the primary office location in Bristol at least 2 days a week, as well as occasional travel to alternative sites such as Milton Keynes, Abbey Wood, Corsham, Farnborough and Bicester to support auditing and assurance activities as required.
The successful candidate will need to have had recent practical experience in a high tempo working environment and be motivated to join an established Information Assurance team in the UK.
BDUK Information Assurance professionals are expected to work closely with their Information Assurance and Security counterparts to deliver an integrated and focused security effect, knowledge of Information Assurance and MOD Security policies such as JSP440 and JSP604 is preferred.
Role Activities:
Support the IA Team Lead in maintenance of Service Delivery Management Plans, RMADS, risk assessments and other relevant security documentation.
Provide advice and guidance on applicable security policy and technical solutions to internal and external stakeholders.
Facilitate the timely completion and presentation of accreditation to the Authority accreditor for services within scope of the contract.
Ensure maintenance of Authority to Operate across all services within scope of the contract.
Identification and recording of risks related to services within scope of the contract, and management of the working risk register.
Report instances of non-compliance with relevant policy and UK law to the Authority, and ensure the organization follows defined procedures for reporting of hardware and software vulnerabilities.
Appraisals and scoping of security testing, evaluation of and managing associated reports, and ensuring resolution plans are implemented and adhered to.
Collaboration within the organization to identify hardware or software security vulnerabilities, malicious software and other security related weaknesses including the areas of obsolescence, patching and anti-virus.
Perform auditing activity against various aspects of the programme in line with ISO27001, to schedule and scope as determined by the IA Team Lead
Provide impact assessment to any change activity as presented by Project Management, and review/update any relevant documentation to support changes in the accredited baseline or security enforcing functionality.
Oversight and representation of Assurance interests at various meetings.
Validation of Security Operating Procedures in accordance with contractual obligations.
Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security.
Typical Qualifications/Education:
Essential knowledge and skills:
Knowledge and understanding of MOD and Government information security policy, standards and guidance.
Knowledge of assuring IT systems in a secure government environment (MOD)
Understanding of systems and security verification, validation, testing and evaluation approaches, including HMG Information Assurance schemes and processes.
Experience in generation of information security Risk Assessments, Risk Treatment Plans and Risk Management and Accreditation Documents in accordance with ISO27001
Experience in the specification and development of effective and balanced information assurance solutions or approaches, including the ability to analyse the security aspects of business risks
Pragmatic approach to the recommendation of security controls.
Ability to plan, prioritise and manage own workload with limited day-to-day supervision, but know when to seek assistance/escalate.
The successful applicant must have an active, or be eligible to obtain, Security Clearance (SC) and work towards Developed Vetting level (DV) UK Security Clearance
Desirable knowledge and skills:
Experience of working within a multinational matrix management environment/ structure and a large-scale, complex international organization, but also within small teams, would be highly advantageous.
Experience of MOD Corsham and the GOSCC would be highly advantageous
Experience of working with and accrediting MOD Applications for deployment onto the Defence Network, including knowledge of various MOD publications such as JSP440, JSP604 etc. and tools such as DART.
Experience of participating in developing security solutions in response to customer requirements.
Understanding of data protection controls and practices, and awareness of wider regulations such as ITAR.
Work Authorisation:
This requisition is for a locally hired position in the UK. Candidates must have current legal authorisation to work immediately in the United Kingdom. Boeing will not attempt to obtain Immigration and labour sponsorship for any applicants. Benefits and pay are determined at the local level and are not part of Boeing U.S. based payroll.
Export Control Requirements: Not an export control position
Equal Opportunity Employer:
We are an equal opportunity employer. We do not accept unlawful discrimination in our recruitment or employment practices on any grounds including but not limited to; color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military and veteran status, or other characteristics covered by applicable law.
We have teams in more than 65 countries, and each person plays a role in helping us become one of the world’s most innovative, diverse and inclusive companies. Applicants are encouraged to share with our recruitment team any accommodations required during the recruitment process.