Job description
Fantastic challenges. Amazing opportunities. GKN Aerospace is reimagining air travel: going further, faster and greener! Fuelled by great people whose expertise and creativity sets the standards in our industry, we’re inspired by the opportunities to innovate and break boundaries. We’re proud to play a part in protecting the world’s democracies. And we’re committed to putting sustainability at the centre of everything we do, opening up and protecting our planet. With over 16,000 employees across 33 manufacturing sites in 12 countries we serve over 90% of the world’s aircraft and engine manufacturers and achieved sales of £3.35 bn.in 2023. There are no limits to where you can take your career.Job SummaryThe role of Cyber Security Officer is responsible for interpreting regulatory and contractual requirements, mapping controls, assessing controls and advising IT/OT and business teams on control implementation. The Cyber Security Officer is expected to support activities for security risk management, reporting, policy lifecycle, training and awareness, governance, risk and compliance program delivery, and third-party risk management. This position will be collaborating with stakeholders across various business departments such as IT, Legal and Compliance, and HR to ensure risks are managed effectively and efficiently in accordance with company policies and applicable requirements.Job ResponsibilitiesSafety: Required to follow all HSE rules and regulations. Must wear appropriate PPE as required. Governance: Support the development, implementation and maintenance of strong governance, risk and compliance processes. Continuously improve the security framework, methodology, standards, and system of internal controls. Report on findings, track status, and ensure corrective actions are complete and sustainable. Support operational reporting, management communications, and executive governance committees. Support and/or lead continuous improvement initiatives to deliver on operational and strategic goals. Sustain relationships with auditors, regulators, and compliance partners. Risk and Compliance: Support risk identification and assessment, response and mitigation, control monitoring and reporting. Gather and evaluate information, including to support auditors, regulators, and compliance partners. Develop and perform tests, to evaluate the design and effectiveness of key controls as is necessary for compliance. Review test findings, identify control weaknesses, present results, and recommend actions to remediate issues. Support issue management, risk acceptances, and the corrective action program (POAM). Deliver high quality reporting (data, reports, presentations), communicating effectively in both technical and business terms. Support workforce security activities including culture, awareness and training. Assist in the maintenance of the US Defence certification and accreditation. Assist in the coordination and response to alerts and directives (US-CERT / CISA), and submission of incident reports to applicable authorities. Coordinate local incident response activities, and liaison with security operations, business, regulators and third parties. Complete supplier assurance questionnaires and conduct risk assessments. GRC Systems Administration: Support operation and administration of GRC systems for Cyber Security and IT. Support, develop, and configure GRC system services and improvements. Specialize in questionnaires, workflows, reports, and dashboards. Serves as a resource to Cyber Security and IT/OT and business teams on GRC matters. Job QualificationsRequired Qualifications: Bachelor’s Degree in a technology-related field or equivalent experience. 3+ years of experience with a focus on security and compliance. Must be fluent (speaking and reading) the English Language Must be a US Citizen or Green Card Holder due to program security clearance requirements and/or SSA requirements. Must hold or be capable of obtaining and maintaining DoD SC Clearance (or higher). Additional Qualifications: Experience with cyber security governance, risk, and compliance management. Experience in writing policies, procedures, and controls in one or more standards/frameworks. Experience with UK HMG/MOD Information security requirements, accreditation and best practice security solutions for the UK defence sector. Knowledge of computer networking concepts, and network and system security methodologies. Knowledge of risk management processes. Knowledge of cyber threats and vulnerabilities. Ability to work in a large, highly regulated complex environment. Ability to work well under minimal supervision and the skills to deal with ambiguity. Preferred Qualifications: Experience coordinating tasks to complete third party assessments. Experience in RMF for US DoD security programs and/or with risk management practices in both a compliance and security context. Knowledge of Aerospace regulations and export control requirements. Knowledge of NISPOM, JSIG, ICD 503 and/or DCSA DAAPM. Knowledge of CMMC, NIST SP 800-171 and/or NIST SP 800-53, ISO 27001. Knowledge of DISA STIG and/or equivalent implementation guidance. Professional information security certification like CISSP, CISM, or other relevant security-related designation. We’ll offer you fantastic challenges and amazing opportunities. This is your chance to be part of an organisation that has proven itself to be at the cutting edge of our industry; and is committed to pushing the boundaries even further. And with some of the best training on offer in the industry, who knows how far you can go? A Great Place to work needs a Great Way of Working Everyone is welcome to apply to GKN. We believe that we can only achieve our ambitions through a coming together of diverse minds who enjoy collaborating in an inspirational environment. Through our commitment to diversity, inclusion and belonging and by living our five powerful principles we’ve created a culture where everyone feels welcome to contribute. It’s a culture that won us ‘The Best Workplace Culture Award’. By embracing and celebrating what makes us unique we encourage everyone to bring their full self to work. We’re also committed to providing an accessible recruitment process, so if you require reasonable adjustments at any stage during our recruitment process please get in touch and let us know. We are the place where human dreams, plus human endeavour, shape the future of aerospace innovation and technology. ​​ #LI-HYBRID