Cyber Design Authority

Location: London, Greater London, United Kingdom (Hybrid - minimum two days per week from our office in Canary Wharf)

• Analyse customer needs and assess solution architecture and technical choices.
• Ensure security solution compliance with customer needs, product policy, make team buy strategy, applicable legislation, standards and regulations.
• Review technical security risks and opportunities and related mitigation plans throughout bids or projects.
• Balance customer requirements and product policy with schedule, cost, MTB strategy and risk trade offs.
• Check production and maintenance/service aspects with the Production Process/Technology Manager and Service Engineering Manager.
• Approve technical specifications and source selection of subsystems/products to be outsourced, considering MTB policy, export restrictions and offset requirements.
• Verify that the engineering environment aligns with country/company instruction, overall solution cost, technical risks and schedule.
• Ensure, with engineering SMEs and safety stakeholders, that solution design incorporates contract requirements, applicable security legislation, standards and regulations, and that certification activities are performed correctly.
• Review and approve completion of security specific integration, verification, validation and qualification results.
• Lead bid/project security engineering reviews and approve security deliverables at each project decision milestone.
• Organise technical meetings and peer reviews with the Engineering Delivery Manager and other technical stakeholders to assess and validate the solution.
• Contribute to business strategy and product development as required.
• Interface with the client to define the solution.
• Stay current on technical, legislative and industry specific security standards worldwide.

• Strong technical writing and excellent interpersonal communication skills.
• Expertise in cyber and information security solutions relevant to urban signalling, mainline signalling, communication systems, integrated control systems, etc.
• Excellent understanding of risk assessment frameworks and compliance methodologies.
• Strong knowledge of business case development, resource planning and effective budget management.
• Extensive experience across systems engineering lifecycles focusing on security, including secure by design principles, requirements capture, modelling, analysis, system design, and independent verification and validation (IV&V).
• In depth knowledge and experience of full systems engineering lifecycles for large, complex systems.
• Expertise in industry specific security standards and legislation.
• Well proven technical/project experience in developing and applying security solutions to critical OT or IT control systems and/or safety critical systems.

• Degree level (preferably Masters) in a relevant field such as cyber security, networks, computer science, etc.
• Certified or working towards a senior level security accreditation (e.g., CISSP, CISM, etc.).

• Proven track record of building and maintaining cross functional relationships that deliver outcomes for both the team and the wider business.
• Excellent presentation skills.
• Effective personal organisation and the ability to remain composed and focused under pressure.
• Demonstrated ability to lead, manage, mentor and coach a diverse team.
• Excellent problem solving ability, trade off skills and attention to detail.

We welcome and value differences in background, age, gender, sexuality, family status, disability, race, nationality, ethnicity, religion and worldview. We are proud to be an equal opportunity employer.