-To assist the Chief Information Officer in the implementation, maintenance and improvement of a Corporate & Information Security Management System (CISMS) and a Crisis & Business Continuity Management System (CBCMS).
-She/he will assist the organization and its employees in adhering to all internal policies, procedures and practices as well as applicable external laws and regulations relating to CIS, crisis and business continuity management (CBCM), and data privacy.
-Assist in development, implementation, maintenance and improvement of CIS and CBCM policies and procedures, ensuring alignment with regulatory environment and overall business strategy.
-Ensure effective controls are in place to monitor the effectiveness of the Region’s CISMS and CBCMS, review and implement necessary remediation for any identified deficiencies.
-Support regional and local teams on risk and control assessments, security concepts, internal and external audits and ensure that staff is trained and prepared.
-Maintain, document, implement training programs on CIS- and CBCM-related as well as data privacy topics relevant to the Region to enhance employees’ knowledge and understanding of related policies and procedures, relevant laws and regulations.
-Provide regulatory updates and information to safeguard company through regular assessments.
-Maintain in-depth knowledge of the business and its activities to ensure adequate security oversight and resources.
-Build presence and provide guidance to management and staff on CIS, CBCM, and data privacy standards and issues.
-Perform and support internal investigations.
-Implementing and improving the firm's security standards and ensuring that it is in compliance with industry standards and frameworks.
-Implementing internal controls to monitor effectiveness of current security management system and policies.
-Maintaining data privacy through internal frameworks and industry standards.
-Providing regulatory updates and other relevant information important to safeguard company assets and data through assessments and monitoring.
-Assessing external manufacturing sites to ensure safety and compliance.
-BS degree in CS, Computer Engineering, EE, or Electronic Engineering.
-CISSP, CSX, CISA, CISM, or CEH Certification.
-OSCP or CREST Certification.
-2 years of experience with Cyber threat intelligence, malware analysis, Cyber forensics, or vulnerability research.
-Experience in working with Cybersecurity technologies, including SIEM, IDS and IPS, EDR, HBSS, packet capture solutions, or IOC discovery tools.
-Experience with red teaming or exploits for defence purposes.
-Experience with SCADA or integrated control systems.
-Experience with developing hypotheses and data models for Cyber threat intelligence (CTI).
-Experience with applying CTI research and analysis to incident analysis.
-Experience with incident detection and response, malware analysis, or Cyber forensics.
-Experience with client operations, Cyber kill chain analysis for incident response, and security technologies, including SIEM, IDS, IPS, EDR, and HBSS.
-Experience with analyzing and synthesizing Cyber and log information with other data sources, providing guidance and mentorship to others in Cyber threat analysis and operations, evaluating, including interpreting, and integrating other sources of information, and fusing computer network attack analyses with other threat intelligence data sources.
-Experience with analyzing network traffic, large sets of log data, and other relevant security data for breach analysis.
-Experience with using the NIST CSF and equivalent frameworks for Cybersecurity evaluations.
-Experience with applying frameworks to Cybersecurity and information security management and IT controls, including ISO 27000 series or CoBIT.
-Knowledge of at least two of the following: network traffic analysis, Cyber threats, Cyber adversary techniques, log aggregation and correlation, or scripting techniques.