Position Overview: We are seeking a highly experienced and strategic Information System Security Officer to lead our cyber and regulatory compliance programs across RTX business units for sites located in the UK. The role is critical for ensuring the cyber posture of the sites and for establishing the guidelines and actions needed to protect the company's Information Systems against cyber threats, respond to digital compliance risks, and foster a company-wide culture of cybersecurity. The successful candidate will provide technical leadership, oversee multi‑site governance and risk management, and ensure alignment between RTX ES Cybersecurity services (including IT and OT) with Business functions to safeguard critical assets, applications, systems, and data. This hybrid role balances remote and on‑site presence based on business needs, key meetings, critical milestones, team collaboration, audits, or incident response requirements. Remote work is acceptable as long as the candidate can regularly visit the sites.
Responsibilities
Governance
* Manage and local cyber governance of the Information Systems within sites under ISSO scope.
* Ensure adherence to global and regional/local regulatory requirements and applicable frameworks (ISO 27001, ISO 27005, NIST SP800‑171, Cyber Essentials, CMMC Global, etc.).
* Maintain the Information Security Management System (ISMS) or equivalent governance model.
* Define, implement, coordinate, manage and monitor activities related to Part‑IS regulation (acting as Aviation Safety ISMS Manager).
* Drive internal and external audits, certifications, and compliance readiness across multiple sites.
* Continuously monitor emerging regulations and standards to ensure proactive risk management.
* Maintain relationships and interface with cyber stakeholders in the site ecosystem, including security authorities, customers & partners.
* Define, derive and maintain security policies, procedures and guidance for Restricted and Classified IS located on site (if any) and ensure their implementation with support from the DT team.
* Ensure accreditation activities on Restricted and Classified networks (when applicable).
* Execute an annual security awareness plan to reduce business compliance risks, cyber operational risks and foster a cyber culture within the sites.
Cyber Risk Management
* Manage information security risks (identification, evaluation and treatment) according to applicable enterprise‑wide cyber risk program and regulations including Part‑IS and NIS2.
* Lead risk assessment for the sites and associated risk treatment plan with the support of DT Int’l Operations and RTX Global GRC teams.
* Oversee implementation of security controls (technical, administrative, physical) for applications, infrastructure, Cloud and OT systems under ISSO scope.
* Ensure secure enablement of new technologies and digital transformation programmes.
Compliance
* Ensure compliance with applicable security requirements for the sites (internal policies, regulations and customer frameworks).
* Ensure compliance with security requirements for third parties engaged with the sites.
* Drive supplier cyber risk identification and treatment for the sites.
* Support enterprise‑wide compliance programmes and external audits/assessments from customers and regulators (e.g., CASE audit, Part‑IS audit).
Security Event and Incident Management
* Ensure threat detection capabilities provided by RTX Cyber‑Defense team are fully implemented.
* Monitor, detect and respond to cyber threats exposing Restricted and Classified networks (when applicable).
* Support the RTX Cyber‑Defense Operations for any event or incident occurring on the sites.
* Drive incident response preparedness and act as point of contact for security incidents.
Operations
* Provide expert security guidance to DT Int’l Operations (e.g., vulnerability management, remediation execution, support on new cyber programmes).
* Support special cyber programmes such as SURGE and drive critical vulnerabilities remediation in support of DT Int'l operations and CART team.
* Champion business resilience by aligning DT and OT security strategies with business continuity and disaster recovery plans.
* Provide support to the DT team on business continuity/recovery activities (BIA, DRP, etc.).
Technical Leadership
* Act as point of contact for various compliance programmes (EASA Part‑IS, NIS2, DFARS CMMC Global, etc.).
* Provide expert security guidance to Engineering, Operations and Value‑Stream Leaders teams.
* Collaborate with local stakeholders (Engineering, Operations, Safety, Quality) to ensure seamless integration of information security requirements.
* Represent Information Security with external regulators, customers and partners.
* Monitor regulatory, threat landscape and technology evolution in cybersecurity.
* Mentor and develop junior security professionals, promoting a cybersecurity culture.
Qualifications
* Bachelor’s degree in Computer Science, Information Security, Engineering or related field with 12+ years of experience in cybersecurity; or Master’s degree with 10+ years of experience.
* Knowledge or experience in at least five of the following domains: Risk Management, Security Architecture & Engineering, Asset Security, Communication & Network Security, Security Assessment & Testing, Identity & Access Management (IAM), Security Operations.
* Strong working knowledge of security frameworks: ISO 27001, ISO 27005, NIST (CSF, SP800‑171, SP800‑82) etc.
* Experience leading multi‑site/global compliance programmes.
* Excellent knowledge of risk management methodologies and audit practices.
* Strong communication and stakeholder management skills at C‑level.
* Relevant certifications (one or more): CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, OSCP, CEH, GIAC, etc.
* Experience in regulated industries (e.g., aerospace, defense, manufacturing or critical infrastructure).
* Knowledge of EASA Part‑IS, NIS2, national MoD security regulations.
* Experience working with/or for regulators/authorities or customers (e.g., aerospace & defense OEMs).
* Experience and expertise in threat monitoring & detection, security incidents management, penetration testing and/or technical audit, software development security (threat modelling, secure coding).
* Familiarity with Industrial Control Systems (ICS) / OT cybersecurity.
* Background in safety‑critical or regulated environments.
* Soft skills: ownership, curiosity, passion, ability to withstand pressure, cross‑organisation collaboration, influence, reporting to management, team management, general interest and commitment.
Nationality / Clearance
This role may require having national security clearance. Candidates must be eligible to obtain a higher security clearance.
Equal Employment Opportunity
All qualified applicants will be given careful consideration without regard to ethnicity, color, religion, gender, sexual orientation or identity, national origin, age, disability, protected veteran status or any other characteristic protected by law.
#J-18808-Ljbffr