Thales is where women work

 

Job is no longer available

Cyber Security Architect

Thales

Crawley, United Kingdom

Thales people design solutions that enable two thirds of planes to take off and land safely. We create in-flight entertainment systems that engross 50 million fliers every year and we develop the avionics that control the world’s largest commercial aircrafts. In the UK, our simulators train the next generation of pilots for fighter jets, transporters and search and rescue helicopters. And, together, each and every member of our aerospace team makes a difference.

The Cyber Security Architect, who reports to the Thales Avionics UK CTO and is responsible for the design, development and delivery of a comprehensive cybersecurity framework with its intended purpose to protect Thales Avionics UK products, data and infrastructure from cyber-attacks, intrusions, and ensure that those products achieve airworthiness security certification and comply with Thales policies and applicable regulatory requirements regarding data access, security and privacy. The scope of this responsibility includes all Thales Avionics UK products and services, including wired and wireless systems onboard and off-board the aircraft.

Key Responsibilities
Manage the FLX UK security activities – scope, budgets, schedule and risk elements with respect to guidelines and strategy define by the GBU Security Design Authority
Work with the projects developing the Thales Avionics UK products, to ensure that security is designed into the products and the security work is tightly integrated with the development work.
Be responsible for taking Thales Avionics UK products through security certification, particularly achieving airworthiness security certification. This will include performing security risk assessments, defining product security measures, producing security documentation and ensuring the required security assurance of the product can be demonstrated to satisfy the certification authorities.
Implement product security standards, policies (administrative, safeguards, technical), processes (compliance, incidents, testing) and mechanisms (data at rest, in motion, in use) from risk analysis up to security requirements definition, support to integration & validation of security functions, pentesting capacities organization with third parties.
Coordinate with AVS (CCS and IFEC etc), the AVS Security DA and with SIX, to ensure a common approach to security and that security good practice is shared.
Co-ordinate, understand and potentially represent Thales UK in the standards bodies defining the aviation security processes and mechanisms.
Maintain awareness of current vulnerabilities, response mechanisms, mitigation strategies, new technologies, trends, innovations and the changing aviation cybersecurity threatscape
Communicate internally regarding critical cybersecurity incidents impacting the solution or product sub systems, and where appropriate, summarize for external communication 24x7x365 as needed
Responsible for continuous evolution of value-added cybersecurity into solutions and R&T roadmaps
Assess cybersecurity capabilities within Thales Avionics UK and develop and execute plans to increase cybersecurity awareness and expertise within the organization
Represent Thales Avionics UK cybersecurity in coordination with Thales internal counterparts in AVS/SIX/TGS GBUs to achieve compliance to group security standards.

Skills, Qualifications and Experience
Domain knowledge in cybersecurity principles, risk assessment, testing, risk, risk mitigation and threat response
Previous experience in cybersecurity solutions implementation in a product domain
Demonstrated leadership behaviors: shaping solutions out of complexity, ambitious and accountable, perform through cooperation, influence key stakeholders, engage and develop teams
Strong presentation and written communication skills and effective interaction, internal and external, with all levels of management
Coordination and protection of critical, confidential and sensitive information spanning multiple parties
Strong critical thinking and analytical skills with pragmatic and prioritized actions
Develop metrics to measure effectiveness and efficiency and deploy actions to reach agreed target levels
Bachelor’s Degree in information technology, computer science, engineering or related discipline
Proven experience in information security, risk management or engineering
Experience of the aviation industry is required, in particular an appreciation of Aviation Industry security processes and practices (ED202/DO-326, etc) would beneficial.
Demonstrated experience and knowledge in understanding global cybersecurity programs, including technologies, tools, architectures, network and application design, standards, policies, processes and business aspects of risk
Leadership experience in a dynamic, matrixed, corporate environment
Certified Information Systems Security Professional (CISSP) is desirable.


Share this page: