Cyber Security Governance Specialist

Key deliverables of the role include:Development and implementation of security strategies and frameworks to protect the organisation's valuable data and assets.Assessing and evaluating risk and vulnerabilities in organisations systems, networks, and applications.Conducting regular security audits and compliance assessments to ensure adherence to industry standards and regulatory requirements.Designing and implementing effective security controls and measures to mitigate identified risks and threats.Collaborating with cross-functional teams to ensure that security controls are integrated into business processes and systems.Leading the development and implementation of security policies, procedures, and standards across the organisation.Participating in external audits and assessments to demonstrate compliance with relevant legal and regulatory requirements.Required skills and experience:In-depth knowledge and understanding of Operational Technology, primarily focused on Transport and City Infrastructure.Senior GRC consultancy experience.Experience in assessing cyber maturity and identifying improvement areas in a corporate environment, conducting security audits and assessments, creating and implementing compliance programs, and working with external auditors.Proficiency in various security technologies, including network security, firewall technologies, intrusion detection and prevention systems (IDS/IPS), vulnerability assessment tools, security information and event management (SIEM) systems, and data loss prevention (DLP) solutions.Strong business-facing skills, with the ability to engage and collaborate with stakeholders at various levels within the organisation.Familiarity with working directly with cyber and security working groups.Proficiency in facilitating and evaluating divisional cyber assessments.Ability to provide actionable recommendations for cyber uplift and prepare associated reports for oversight.Expertise in developing and implementing Information Security Management Systems (ISMS) based on established frameworks, such as ISO27001 and NIST CSF (Desirable), and ACSC ISM (Desirable).Expertise in Operational Technology standards like ISA/IEC 62443.Strong analytical and problem-solving skills.Excellent written and verbal communication abilities.Review and delivery of cyber security-related policies, procedures, and processes governing the enterprise.
#J-18808-Ljbffr