Key deliverables of the role include:
- Development and implementation of security strategies and frameworks to protect the organisation's valuable data and assets.
- Assessing and evaluating risk and vulnerabilities in the organisation's systems, networks, and applications.
- Conducting regular security audits and compliance assessments to ensure adherence to industry standards and regulatory requirements.
- Designing and implementing effective security controls and measures to mitigate identified risks and threats.
- Collaborating with cross-functional teams to ensure that security controls are integrated into business processes and systems.
- Leading the development and implementation of security policies, procedures, and standards across the organisation.
- Participating in external audits and assessments to demonstrate compliance with relevant legal and regulatory requirements.
Required skills and experience:
- In-depth knowledge and understanding of Operational Technology, primarily focused on Transport and City Infrastructure.
- Senior GRC consultancy experience.
- Experience in assessing cyber maturity and identifying improvement areas in a corporate environment, conducting security audits and assessments, creating and implementing compliance programs, and working with external auditors.
- Proficiency in various security technologies, including network security, firewall technologies, intrusion detection and prevention systems (IDS/IPS), vulnerability assessment tools, security information and event management (SIEM) systems, and data loss prevention (DLP) solutions.
- Strong business-facing skills, with the ability to engage and collaborate with stakeholders at various levels within the organisation.
- Familiarity with working directly with cyber and security working groups.
- Proficiency in facilitating and evaluating divisional cyber assessments.
- Ability to provide actionable recommendations for cyber uplift and prepare associated reports for oversight.
- Expertise in developing and implementing Information Security Management Systems (ISMS) based on established frameworks, such as ISO27001 and NIST CSF (Desirable), and ACSC ISM (Desirable).
- Expertise in Operational Technology standards like ISA/IEC 62443.
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication abilities.
- Review and delivery of cyber security-related policies, procedures, and processes governing the enterprise.