Head of Product Security (RATS) in Edinburgh

Edinburgh Full-Time 48000 - 72000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead product security for cutting-edge airborne systems and ensure compliance with industry standards.
  • Company: Join Leonardo, a leader in aerospace innovation and technology.
  • Benefits: Enjoy a comprehensive benefits package, including career development and work-life balance support.
  • Why this job: Make a real impact on mission-critical systems while working with innovative technologies like AI and autonomy.
  • Qualifications: Experience in security risk management and knowledge of relevant frameworks is essential.
  • Other info: Collaborate with talented engineers and contribute to global aerospace programmes.

The predicted salary is between 48000 - 72000 £ per year.

Your impact

Leonardo has an exciting opportunity to contribute, at a senior governance level, to the design and certification of an expanding portfolio of world class Mission Critical and Flight Safety involved Airborne Systems. As part of the Engineering Governance organisation, working across the Radar and Advanced Targeting (RATS) product portfolio, you will be responsible for determining a basis of certification appropriate to the security threat. Ideally, you will have practical experience of UK MOD Secure-by-Design, ISO27001/27004/27005, NIST Risk Management Framework (RMF) and NIST SP800-30/SP800-53. Knowledge of UK/NATO Information Assurance/Accreditation frameworks would be helpful, as well as familiarity with the application of cyber resilience controls within embedded systems.

Working across the Sector product lines within the RATS Line of Business (LoB), you will support and advise the Chief Engineer (CE) Design Integrity (DI) to develop security and engineering management plans, resourced and executed by each of the Integrated Product Teams (IPTs) under the oversight of an assigned Product Cyber Resilience Manager (PCRM). You will support the PCRMs guiding the engineering teams within the IPTs through the product lifecycle, managing the basis of certification and/or acceptance on behalf of the System Design Authority, to achieve successful delivery of the products. You will also provide subject matter advice into the product maturity reviews, following the principles of Secure by Design. A significant intrinsic factor of the role is the requirement for continuous improvement of the cyber resilience of Leonardo products. Leonardo will support you to develop yourself and the process capability of the business.

Many Leonardo products exist at the ‘bleeding edge’ applying innovative technologies such as AI/ML, Autonomy, high-assurance multicore processing, Electro-Optics, and Model Based Systems Engineering. You will have the opportunity to contribute to and learn from these innovations. The RATS products cover sensor and defensive applications such as Laser Directed Energy Weapons (LDEW), Infrared Countermeasure (IRCM), Integrated Sensing Radar, Surveillance Radar plus other Non-Kinetic Effects products. You’ll be involved in major UK and Global programmes such as Eurofighter Typhoon and Global Combat Air Program, together with many other Crewed and Un-Crewed Airborne Platforms around the globe.

As the Head of Product Security, you will:

  • The RATS HoPS is responsible for the strategic elements of Product Security.
  • They are accountable to the CE DI for performance of Product Security management within RATS, and accountable to the Leonardo Electronics UK Head of Product Security Capability for metrics and compliance reporting.
  • The HoPS has delegated authority from the RATS CE DI and is responsible for the following elements on their behalf:
      • Manage Product Security processes, templates and guidance and oversee implementation.
      • Use of KPIs to improve compliance, effectiveness and efficiency of the Product Security Management.
      • Support sufficient and appropriate competency of PCRM or Product Security Management Specialist (PSMS) to meet RATS current and future needs.
      • Advocate Product Security within DI and the wider RATS community.
      • Production and reporting of RATS Product Security metrics as requested and directed by the Head of Product Security Capability.
      • Attendance and support to the Product Security Special Interest Groups (SIG) and sub-groups covering Governance and Technical topics.
      • Assist the CE DI in performing their Governance responsibilities by supporting Design Maturity Reviews and the design certification process.
      • Assist the CE DI in the management of current and future resourcing demands to meet RATS needs.
      • Oversee the management of Product Security events or incidents within RATS.
  • The HoPS also supports the CE DI as a delegated signatory for product security, by overseeing that the correct design assurance is applied to Leonardo products.
  • The HoPS acts as a security assessor or security specialist.
  • The HoPS will be required to have the relevant levels of independence from the delivery teams and hence will be a core member of the DI function.
  • This role supports the capability responsibilities of the Head of Product Security Capability and other LoB HoPS in maintaining a centre of expertise for Product Security and Cyber Resilience matters through a core functional discipline.
  • You’ll be working closely with supportive, talented and innovative engineers across the engineering delivery disciplines, contributing to continual improvement of the engineering capability of RATS, whilst also building strong relationships with our customers, partners and the specialist agencies within the UK and globally.

    What you will do

    Day to day, you will be working closely with the CE DI, the PCRMs, PSMSs, Product Safety Engineers, Independent Technical Assessors and other Engineering disciplines to identify and satisfy the contractual and regulatory cyber resilience requirements of systems. You will also select, plan and support the assurance activities necessary for airborne systems, including Mission Critical and Flight Safety involved systems, often with demanding safety and security requirements themselves.

    You will:

    • Create and maintain processes, templates and guidance, which form the Product Security Management System, in collaboration with other LoB HoPS and the Head of Product Security Capability.
    • Select, measure, collect and analyse metrics relating to the Product Security Management System to improve compliance, effectiveness and efficiency through KPIs.
    • Propose Product Security competence framework development, maintenance, monitoring and evolution to meet RATS needs in collaboration with other LoB HoPS and the Head of Product Security Capability.
    • Perform assessment of PCRM or Product Security Management Specialist (PSMS) competence in line with the Product Security competency framework.
    • Identify and select training or trade related conferences to ensure the maintenance of competency and the sufficiency of experience across the PCRMs and PSMSs to meet the evolving RATS needs.
    • Chair and administer a RATS security Community of Interest (CoI).
    • Deliver awareness and training of the security framework, policies and processes to the Engineering disciplines.
    • The production and reporting of RATS Product Security metrics as requested and directed by the Head of Product Security Capability.
    • Management of attendance of RATS personnel at external security forums of interest and Business relevance.
    • Attend and support the Product Security Special Interest Groups (SIG) and sub-groups covering Governance and Technical topics.
    • Allocate competent persons, such as a PSMS, to perform the duties of a Design Review Assessor as requested by a Design Review Chairperson to support Design Maturity Reviews.
    • Allocate competent persons to perform the duties of the PSMS to support and advise the CE DI in the certification of designs.
    • The identification of future resourcing demands to meet RATS business execution and the necessary provision of those resources through recruitment or sub-contracting.
    • Oversee the assessment of general Security events/incidents for any Product Security concerns and ensure the thorough identification, containment, eradication and recovery from any Product Security event/incident and lead any post event/activity from lessons learnt.

    What you’ll bring

    In broad terms, you shall have as many of the following as possible:

    • Evidence of comprehensive practical experience in the development of a security or safety risk management system for complex products based on a recognised framework in a highly regulated industry such as aerospace, nuclear, automotive, rail or oil & gas.
    • Demonstrable experience of the System Development Life Cycle, Software Development Life Cycle, V-Models and Agile frameworks.
    • Effective and flexible communication and interpersonal skills.
    • Demonstrable ability to interact with subject matter experts on a wide range of technical and operational topics.
    • Excellent written and verbal communication skills, with the ability to coach and develop others.
    • Ability to obtain SC security clearance and work within UKEO and US ITAR TAA restrictions.
    • The ability to understand complex engineering processes and the inter-dependency of the process components.
    • A passion for promoting and improving the safety and security of complex systems.

    You should have one or more of:

    • Evidence of comprehensive practical experience in ISO27001/27004/27005 or the NIST Risk Management Framework (RMF) and NIST SP800-30/SP800-53.
    • Knowledge of UK/NATO Information Assurance/Accreditation frameworks.
    • Demonstrable familiarity with the application of cyber resilience controls to embedded systems.

    It would be desirable, but not essential, if you also had one or more of:

    • Knowledge of EASA/FAA Airworthiness Certification frameworks.
    • Awareness of current crypto technologies, Key Management Systems & practical COMSEC.
    • Chartered Engineer status with a recognised body, preferably the UK Cyber Security Council.
    • Awareness of Information Security (INFOSEC), Communications Security (COMSEC), Transmission Security (TRANSEC), Product Safety and their inter-relationship.
    • Experience of producing and delivering training/awareness material within a corporate environment.
    • Familiarity with incident investigation and implementation of an investigation process such as used by the Air Accidents Investigation Branch (AAIB).
    • Familiarity with assessing the consequences of emergent security vulnerabilities.
    • Familiarity with planning and executing assurance activities required to provide the necessary assurances to security authorities and agencies.
    • Familiarity with the planning and conduct of penetration testing and/or vulnerability assessments.
    • Familiarity with planning, costing, financial forecasting and risk/opportunity management activities associated with project planning and execution.

    Security Clearance

    This role is subject to pre-employment screening in line with the UK Government’s Baseline Personnel Security Standard (BPSS). An additional range of Personnel Security Controls referred to as National Security Vetting (NSV) may apply; this could include meeting the eligibility requirements for the Security Check (SC) or Developed Vetting (DV).

    Why join us

    At Leonardo, our people are at the heart of everything we do. We offer a comprehensive, company-funded benefits package that supports your wellbeing, career development, and work–life balance. Whether you're looking to grow professionally, care for your health, or plan for the future, we’re here to help you thrive.

    Head of Product Security (RATS) in Edinburgh employer: Leonardo

    Leonardo is an exceptional employer, offering a dynamic work environment where innovation meets security in the aerospace sector. With a strong focus on employee development and a comprehensive benefits package, we empower our team to thrive while working on cutting-edge technologies that shape the future of airborne systems. Our collaborative culture fosters continuous improvement and provides opportunities to engage with major global programmes, ensuring that every employee can make a meaningful impact.

    Contact Detail:

    Leonardo Recruiting Team

    StudySmarter Expert Advice 🤫

    We think this is how you could land Head of Product Security (RATS) in Edinburgh

    ✨Network Like a Pro

    Get out there and connect with people in the industry! Attend events, join online forums, and don’t be shy about reaching out to professionals on LinkedIn. Building relationships can open doors that a CV just can’t.

    ✨Ace the Interview

    Prepare for your interviews by researching the company and the role inside out. Practice common interview questions and think about how your experience aligns with what they’re looking for. Confidence is key, so show them you’re the right fit!

    ✨Showcase Your Skills

    Don’t just talk about your skills—show them! Bring examples of your work or projects to interviews. If you’ve got relevant certifications or training, flaunt them! This is your chance to shine and prove you’re the best candidate.

    ✨Apply Through Our Website

    When you find a role that excites you, apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team at Leonardo.

    We think you need these skills to ace Head of Product Security (RATS) in Edinburgh

    UK MOD Secure-by-Design
    ISO27001
    ISO27004
    ISO27005
    NIST Risk Management Framework (RMF)
    NIST SP800-30
    NIST SP800-53
    UK/NATO Information Assurance/Accreditation frameworks
    Cyber resilience controls
    System Development Life Cycle
    Software Development Life Cycle
    V-Models
    Agile frameworks
    Effective communication skills
    Interpersonal skills

    Some tips for your application 🫡

    Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with security frameworks like ISO27001 or NIST. We want to see how your skills align with the specific needs of the Head of Product Security role.

    Showcase Your Experience: Don’t just list your previous roles; explain how your past experiences relate to the responsibilities outlined in the job description. We love seeing concrete examples of how you've managed product security processes or improved compliance.

    Be Clear and Concise: When writing your application, keep it straightforward and to the point. Use clear language to convey your ideas, as we appreciate strong communication skills. Remember, clarity is key!

    Apply Through Our Website: We encourage you to submit your application through our website for a smoother process. It helps us keep track of your application and ensures you don’t miss any important updates from us!

    How to prepare for a job interview at Leonardo

    ✨Know Your Frameworks

    Make sure you brush up on the UK MOD Secure-by-Design, ISO27001/27004/27005, and NIST Risk Management Framework. Be ready to discuss how you've applied these frameworks in your previous roles, as this will show your practical experience and understanding of the security landscape.

    ✨Showcase Your Communication Skills

    As a Head of Product Security, you'll need to interact with various stakeholders. Prepare examples that demonstrate your effective communication and interpersonal skills. Think about times when you had to explain complex technical concepts to non-technical audiences or coach team members.

    ✨Demonstrate Continuous Improvement Mindset

    Leonardo values continuous improvement in cyber resilience. Be prepared to discuss how you've contributed to enhancing security processes or systems in your past roles. Highlight any initiatives you've led or participated in that resulted in measurable improvements.

    ✨Prepare for Scenario-Based Questions

    Expect scenario-based questions that assess your problem-solving abilities in real-world situations. Think about potential security incidents you might face in this role and how you would manage them. This will help you showcase your strategic thinking and ability to handle pressure.
