Cyber Security Manager

Overview

The Cyber Security Manager ensures that when cyber-attacks occur, or data are stolen or compromised, these incidents are dealt with promptly and effectively and the chance of that incident recurring is minimized. The expertise of the Cyber Security Manager will ensure that the metro systems maintained by the Operation & Maintenance contractors will perform at the highest level of confidentiality, integrity and availability to ensure safety, efficiency and reliability of the metro network.

Responsibilities

• Being the reference for all cyber security matters on metro network Operation & Maintenance project

• Establishing, maintaining and reviewing cyber security principles, policies, and procedures on the project

• Preparing technical specifications to procure cyber security solutions and systems when required

• Advising the Client on cyber security matters for the Operation & Maintenance project

• Supervising the Operation & Maintenance Contractors during the execution and implementation of cyber security processes, procedures and industry best practices

• Performing assessments and audits against ISO27001/2 and NCA standards and frameworks

• Interfacing with other internal and external stakeholders on cyber security matters

• Managing communication with the third parties

Required Skills

• Minimum 8 years of experience with ICS systems and ICS security industry practices along with exposure to operational technologies

• Minimum of bachelor’s degree in Computer Science, Information Systems, or equivalent education

• Demonstrable strong understanding of security solutions and designs from a people, process, technology and eco-system perspective; including security technologies, controls and assessment methodologies

• In-depth knowledge of security frameworks and standards such as ISO27001 series, NIST, NCA, IEC 62443 and their application into diverse environments

• Experience in transport infrastructure and security controls a plus

• Ability to work independently with little oversight, meet tight deadlines, and analyse policies and procedures

• Ability to perform a system risk assessment and system security planning, including documentation

• Ability to assist the Client, development, and operations teams with security control implementation and conduct security testing, control testing, and assessment

• Ability to identify and propose solutions to resolve, mitigate, or compensate for security deficiencies

• Ability to work within a collaborative team that promotes sharing of knowledge and experience

• The Candidate must be physically capable of carrying out site visits and inspections in a railway environment, throughout the construction, testing & commissioning and operational phases of the project

• Security+, CISA, CISSP, ISO27001 LA/LI or CISM Certifications a plus

• Excellent communication and presentation skills both written and verbal in English is key to success of this role