Head of Product Security; RATS

Location:

GB – Edinburgh

Leonardo invites a senior professional to lead product security governance for the expanding portfolio of world‑class, mission‑critical airborne systems. The role is situated within the Engineering Governance organisation for the Radar and Advanced Targeting (RATS) product portfolio.

• Determine basis of certification for security threats and oversee security and engineering management plans across Integrated Product Teams (IPTs).
• Guide Product Cyber Resilience Managers (PCRM) and PCRMs through the product lifecycle, managing certification/acceptance on behalf of the System Design Authority.
• Provide subject‑matter advice for product maturity reviews, applying Secure by Design principles.
• Champion continuous improvement of cyber resilience across Leonardo’s cutting‑edge products (AI/ML, autonomy, high‑assurance multicore, electro‑optics, MBSE).
• Collaborate with CE DI and other stakeholders on metrics, compliance reporting, and security events within RATS.
• Develop and maintain Product Security Management System processes, templates, and guidance.
• Lead and chair RATS security Community of Interest (CoI) and support SIGs and sub‑groups.
• Allocate and assess competency of security staff (PSMS, PCRM) and support Design Maturity Reviews.
• Respond to security incidents, leading containment, eradication, recovery, and lessons‑learned activities.

• Comprehensive experience developing security or safety risk‑management systems in regulated industries such as aerospace, defense, or nuclear.
• Hands‑on experience with ISO 27001 / 27004 / 27005, NIST RMF, NIST SP800‑30/53.
• Knowledge of UK MOD Secure‑by‑Design, UK/NATO Information Assurance/Accreditation frameworks.
• Familiarity with cyber‑resilience controls in embedded or avionics systems.
• Strong written and verbal communication; ability to coach and develop others.
• Ability to obtain SC security clearance and operate within UKEO/US ITAR TAA restrictions.

• Experience with NIST RMF or ISO 27001/27004/27005 beyond basic compliance.
• Knowledge of EASA/FAA airworthiness frameworks.
• Awareness of crypto technologies, key‑management, COMSEC.
• Chartered Engineer status or equivalent.
• Experience delivering training or awareness programs.
• Familiarity with incident investigation procedures (ABIR, AAIB).
• Experience with penetration testing, vulnerability assessment, and risk/opportunity management.

This position requires pre‑employment screening under the UK Government’s Baseline Personnel Security Standard (BPSS). Additional vetting may be required for SC or DV clearance. More information and guidance:

Leonardo offers a comprehensive, company‑funded benefits package that supports wellbeing, career development, and work‑life balance. Work across global programmes like Eurofighter Typhoon and the Global Combat Air Programme, and collaborate with innovators in AI, autonomy, and high‑assurance systems.

Contract Type:
Permanent
Work Mode:
Hybrid