Business Unit: Cubic Transportation Systems Company Details: When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people's lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners. We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Cubic.com. Job Details: Essential Job Duties and Responsibilities: Ensure customer security requirements and responses are developed with engineering and business development teams for customer bids Lead Cubic security response to customer variation requests and ensure customer understanding of the impact of their request against new and existing security risks. Lead the delivery of design and build / operations and maintenance budget requirements for customer bids and variation requests. Ensures financial requirements for cyber resilience controls and security labour estimates are presented in cost models presented to senior Cubic leadership. Lead assurance to ensure security requirements are developed by DevOps, system engineers and other project team staff and are implemented according to Cubic cyber resilience engineering policies and customer needs and ensure that these requirements are supportable and clearly documented. Leads all security risk assessment / business impact analysis/ audit for new and existing business applications or IT infrastructure and leads advice and guidance on the application and operation of physical, procedural and technical security controls within all engineering and IT solutions. Lead information security assurance within design gateways and service transition/ change boards. Champion best practices for application and infrastructure/ architecture design principles for the use of existing and new information security technologies across customer systems. Assure appropriate security support processes are delivered by projects to support service transition.Minimum Job Requirements: Qualifications Essential:Degree or equivalent qualifications/experience Certification as an Information Security professional (e.g. IISP/CISA/CISM/CISSP/CCSP/ ISA)Current driving licenceDesirable:A university degree in a numerate subject (e.g. computer science, maths, engineering, natural science)Information privacy/ data protection – CIPPE/ + CIPMAustralian and New Zealand information security standardITIL v3/ Prince2 foundation level/ TOGAFSecurity and IT infrastructure/ networking vendors' certificationsSkills/Experience/Knowledge Essential:Solid exposure of taking a leading role in the establishment and implementation of security architecture, policies and procedures.Experience of secure development lifecycles (SDLC)Good understanding of enterprise-scale security management process and infrastructureExposure to current IT Security standards and regulations such as PCI-DSS, ISO 27001, SOX, DPAExposure to enterprise IT infrastructure and tools (e.g. MS Windows Server, Cisco, Oracle Solaris, Linux)Superior network infrastructure and protocol knowledgeDesirable:Experience of transactional revenue, embedded, smartcards and mobile payment systemsKnowledge / experience of security architecture of major public cloud services e.g. Microsoft Azure, Amazon Web Services, Google Cloud, Cloud Access Service Brokers e.g. OktaKnowledge of cryptographic servicesKnowledge of wider security, audit, risk and compliance standards e.g. PCI-P2PE, PCI-POI-PTS, ISO 27701, ISO27005, ISO31000, NIST, GDPR and governance/ risk/ compliance toolsRequirements analysis and tracing tools such as DOORS and SD Elements; OneTrust privacy toolUnderstanding of security within DevOps and waterfall project methods, product developmentExperience of application security testing tools and devops frameworks, e.g. SonarQube, JIRA, static & dynamic code analysis/ "fuzzing"Development tools/ environments; Java, Visual Studio, C#In depth understanding of information security control tools, e.g. Splunk, Crowdstrike, Trend Micro DeepSecurity, Imperva WAF, Tenable.IO/ Nessus, TripWire, Cisco IPS, F5, CentrifyExperience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402Personal Qualities Must be able to work effectively and uphold professional standards and confidentiality with Cubic internal and external customers as well as staff at all levels of the organisation. The role will also be required to work with security vendors, Cubic suppliers and customers.Self-motivated, able to work on own initiative and as part of a matrix team, unsupervised, and be recognized by their peers as inspirational and the "go-to" person for solving problems.Able to juggle multiple tasks with deftness and attention to deadlines.Strong analytical and influencing skills to assess demand for change and ensure that the necessary controls are in place to deliver successfully.An enthusiasm for new technologies and their application for both business and consumers.A natural curiosity and a passion for learning new skills "on the job". A continuous improvement mindset.The tenacity to keep going when things get difficult, an optimistic and upbeat personal mannerStrong verbal and written communications skills in English.A degree of flexibility required in working time due to supporting a 24/7 operation and to liaise with colleagues in multiple time zones.Candidate will be required to complete basic security checks.CONDITION OF EMPLOYMENT Successful outcome of a National Police CheckThe description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business needs.Worker Type: Employee
#J-18808-Ljbffr
