Head of Product Security; RATS

Position: Head of Product Security (RATS)
Location: Newcastle upon Tyne

Head of Product Security (RATS)

Leonardo – Newcastle, United Kingdom

Contract:

Permanent | Hybrid Working:
Hybrid

Overview

Leonardo invites an experienced security professional to lead product security governance across its Radar and Advanced Targeting (RATS) portfolio. The role focuses on designing and certifying Mission Critical and Flight Safety involved airborne systems, ensuring alignment with UK MOD Secure‑by‑Design, ISO
27001/27004/27005, NIST RMF, and NIST SP800‑30/53 frameworks, and integrating UK/NATO Information Assurance/Accreditation principles.

Key Responsibilities

• Manage Product Security processes, templates and guidance, overseeing implementation across RATS.
• Leverage KPIs to improve compliance, effectiveness, and efficiency of the Product Security Management System.
• Ensure competency of Product Cyber Resilience Managers (PCRM) or Product Security Management Specialists (PSMS) to meet current and future needs.
• Advocate Product Security within the Design Integrity (DI) function and the wider RATS community.
• Produce and report RATS Product Security metrics as requested by the Head of Product Security Capability.
• Attend and support Product Security Special Interest Groups (SIG) and technical sub‑groups.
• Assist the CE DI with Governance responsibilities, supporting Design Maturity Reviews and the design certification process.
• Manage Product Security events or incidents within RATS, ensuring thorough containment, eradication, and recovery, and leading post‑incident reviews.

Day‑to‑Day Work

• Create and maintain the Product Security Management System, including processes, templates, and guidance.
• Select, measure, collect, and analyze metrics to improve compliance, effectiveness, and efficiency through KPIs.
• Develop, maintain, monitor, and evolve the Product Security competence framework in collaboration with other LoB HoPS.
• Assess PCRM/PSMS competence against the competence framework.
• Identify and select training or trade‑related conferences to support ongoing competency.
• Chair and administer the RATS Security Community of Interest (CoI).
• Deliver awareness and training on security frameworks, policies, and processes to engineering disciplines.
• Allocate PSMS to perform Design Review Assessor duties and assist CE DI with design certification.
• Identify future resourcing demands and secure resources through recruitment or sub‑contracting.
• Oversee assessment of Security events/incidents, ensuring containment, eradication, and recovery, and lead lessons‑learnt activities.

Qualifications

– What You’ll Bring

• Comprehensive practical experience in developing a security or safety risk management system for complex products based on a recognised framework in highly regulated industries.
• Demonstrable experience of the System Development Life Cycle, Software Development Life Cycle, V‑Models, and Agile frameworks.
• Effective communication and interpersonal skills, with the ability to coach and develop others.
• Ability to obtain SC security clearance and work within UKEO and US ITAR TAA restrictions.
• Deep understanding of complex engineering processes and their inter‑dependencies.
• A passion for promoting and improving the safety and security of complex systems.

Preferred – What You Should Have

• Experience with ISO
  27001/27004/27005 or the NIST RMF and NIST SP800‑30/53.
• Knowledge of UK/NATO Information Assurance/Accreditation frameworks.
• Familiarity with application of cyber resilience controls to embedded systems.

Desirable (Not Essential)

• Knowledge of EASA/FAA Airworthiness Certification frameworks.
• Awareness of current crypto technologies, Key Management Systems, and practical COMSEC.
• Chartered Engineer status with a recognised body, preferably the UK Cyber Security Council.
• Experience producing and delivering training/awareness material within a corporate environment.
• Familiarity with incident investigation and implementation of investigation processes such as those used by the Air Accidents Investigation Branch (AAIB).
• Experience in planning and executing penetration testing and/or vulnerability assessments.
• Financial forecasting, risk/opportunity management associated with project planning and execution.

Security Clearance

This role requires pre‑employment screening in line with the UK Government’s Baseline Personnel Security Standard (BPSS). Additional National Security Vetting (NSV) may apply, potentially including The Security Check (SC) or Developed Vetting (DV).

Primary Location

GB – Edinburgh

Additional Locations

GB – Newcastle

Contract Type

Permanent

Hybrid Working

Hybrid

Information

• Seniority Level: Executive
• Employment Type:
  
  Full‑time
• Job Function:
  Information Technology
• Industries:
  Defense and Space Manufacturing, Aviation and Aerospace Component Manufacturing, Computer and Network Security

Contact

Senior leadership will review applications. Top performers are strongly encouraged to apply promptly.

#J-18808-Ljbffr