Head of Cyber Security – Assurance & Compliance

Preston | Full-Time | 48000 - 72000 £ / year (est.) | No home office possible
BAE Systems.

At a Glance

  • Tasks: Lead cyber security assurance strategy and oversee risk-based activities.
  • Company: BAE Systems is a dynamic leader in defence, committed to innovation and security.
  • Benefits: Enjoy flexible working, competitive pension, health perks, and shopping discounts.
  • Why this job: Make a real impact in national security while thriving in an inclusive culture.
  • Qualifications: Extensive cyber security experience and relevant certifications required.
  • Other info: Roles may require security vetting; apply early as closing dates may change.

The predicted salary is between 48000 - 72000 £ per year.

Location: Warton, Preston or Frimley. We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.

What you’ll be doing:

  • Developing and leading a 2nd Line enterprise data, digital & cyber assurance strategy aligned to business objectives, regulatory and customer expectations for BAE Plc.
  • Developing and maintaining a comprehensive assurance framework across cybersecurity (IT & OT), data and digital realms through robust internal controls across the enterprise, supply chain and programme specific requirements.
  • Leading the planning and execution of risk-based assurance activities including controls testing, thematic reviews and assurance reporting across federated Lines of Business for BAE Plc.
  • Providing constructive challenge and oversight of first line activities including policy compliance, control implementation and remediation.
  • Producing independent reporting and assurance opinions for stakeholders including Head of GRC, CISO and other cyber and protective security forums within BAE Plc.
  • Monitoring the cyber risk landscape and horizon-scanning for emerging risks and regulatory developments, including implications for control assurance.
  • Engaging with internal and external audit, regulatory inspections and customer assurance programmes ensuring alignment and minimising duplication.

Your skills and experiences:

  • Extensive experience in cyber security assurance, risk oversight or internal audit within a regulated or government facing sector.
  • Excellent knowledge of working within Cybersecurity GRC, specifically working with national and global cyber security standards and regulatory/compliance frameworks e.g. NIST 800-53, ISO/IEC 27001, DEFSTAN, CIS, NCSC Guidance etc.
  • Deep understanding of the Three Lines of Defence model and 2nd Line responsibilities in a complex enterprise.
  • Proven ability to design and lead risk-based assurance programs across technology and business domains.
  • Experience delivering transformational Cyber or Risk management Programs/Projects.
  • Relevant cybersecurity, IT or business degree, experience in consultancy or people management.
  • Demonstrable experience in cybersecurity or risk management.
  • CISSP, CRISC, CISA, ISO 27001 Lead Auditor or other cyber security certification.

As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive.

The GRC (Government, Risk and Compliance) team:

BAE Systems are seeking an experienced and strategically minded Head of Cyber Security – Assurance & Compliance to lead our second line of defence cyber assurance function. Come and experience the full breadth of a diverse, dynamic business. Working at Group level means engaging directly with key stakeholders across every facet of the organization, where you will be making a real difference for our UK defence by helping those who serve and protect us. You will be responsible for oversight, challenge and assurance of cyber, data and digital controls across the enterprise, with a focus on federated Lines of Business/Sectors.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks.

Closing Date: 1st July 2025. We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.

Head of Cyber Security – Assurance & Compliance employer: BAE Systems.

BAE Systems is an exceptional employer that offers a dynamic and inclusive work environment where you can truly make a difference in the UK defence sector. With a strong focus on employee growth, we provide extensive training opportunities, competitive benefits including flexible working arrangements, and a culture that values diversity and integrity. Join us in Warton, Preston or Frimley, and be part of a team that empowers you to fulfil your potential while contributing to critical national security efforts.

Contact Detail:

BAE Systems. Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Head of Cyber Security – Assurance & Compliance

Tip Number 1

Familiarise yourself with the specific cybersecurity frameworks mentioned in the job description, such as NIST 800-53 and ISO/IEC 27001. Understanding these standards will not only help you in interviews but also demonstrate your commitment to the role.

Tip Number 2

Network with professionals in the cybersecurity field, especially those who have experience in assurance and compliance. Engaging with industry experts can provide insights into the role and may even lead to referrals.

Tip Number 3

Stay updated on the latest trends and emerging risks in the cyber landscape. Being knowledgeable about current threats and regulatory changes will position you as a proactive candidate during discussions.

Tip Number 4

Prepare to discuss your experience with the Three Lines of Defence model and how you've implemented risk-based assurance programmes in previous roles. This will showcase your relevant expertise and strategic thinking.

We think you need these skills to ace Head of Cyber Security – Assurance & Compliance

Cybersecurity Assurance
Risk Management
Internal Audit
Regulatory Compliance
Knowledge of Cybersecurity GRC
NIST 800-53
ISO/IEC 27001
DEFSTAN
CIS
NCSC Guidance
Three Lines of Defence Model
Risk-Based Assurance Programs
Stakeholder Engagement
Transformational Cyber Programs
People Management
CISSP Certification
CRISC Certification
CISA Certification
ISO 27001 Lead Auditor Certification
Analytical Skills
Communication Skills

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights your extensive experience in cyber security assurance and risk oversight. Emphasise your familiarity with regulatory frameworks like NIST 800-53 and ISO/IEC 27001, as well as any relevant certifications you hold.

Craft a Strong Cover Letter: In your cover letter, clearly articulate your understanding of the Three Lines of Defence model and how your leadership can enhance BAE Systems' cyber assurance function. Use specific examples from your past experiences to demonstrate your capabilities.

Showcase Relevant Skills: Highlight your ability to design and lead risk-based assurance programmes. Mention any transformational Cyber or Risk management projects you've delivered, focusing on outcomes and impacts that align with the job description.

Proofread and Edit: Before submitting your application, thoroughly proofread your documents for any spelling or grammatical errors. A polished application reflects your attention to detail, which is crucial in the field of cyber security.

How to prepare for a job interview at BAE Systems.

Understand the Cybersecurity Landscape

Familiarise yourself with the latest trends and challenges in cybersecurity, especially those relevant to BAE Systems. Be prepared to discuss how emerging risks could impact assurance frameworks and compliance.

Demonstrate Your Knowledge of Regulatory Standards

Showcase your understanding of key regulatory frameworks such as NIST 800-53 and ISO/IEC 27001. Be ready to explain how you have applied these standards in previous roles to enhance cybersecurity assurance.

Highlight Your Leadership Experience

As a Head of Cyber Security, you'll need to lead teams effectively. Share examples of how you've successfully managed teams or projects, particularly in risk management or cybersecurity assurance.

Prepare for Scenario-Based Questions

Expect questions that assess your problem-solving skills in real-world scenarios. Think about past experiences where you had to navigate complex compliance issues or implement risk-based assurance activities.
