Business Unit: Cubic Transportation Systems
Company Details: When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people’s lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners.
We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Cubic.com.
Job Details:
Job Summary: Leads assurance of cybersecurity and cyber-resilience controls and provides information security architecture consultancy to multiple Cubic customer programmes for new and revised accredited payment devices and applications, cloud infrastructure services, back-office systems and bespoke hardware devices within bids and projects. The role will work among an expert team of peers acting as the principal advisor for cybersecurity with systems/ project engineers, developers, bid teams, business stakeholders and project managers across functions both regionally and globally. Reports to Security Architecture Manager.
Essential Job Duties and Responsibilities:
* Lead security architecture assurance for reference designs that positively impact global customer program success and Cubic’s strategic goals and objectives.
* Lead security design assurance to ensure that customer security requirements and responses are realized by engineering, IT and business development teams within customer bids.
* Lead Cubic’s security response to customer variation requests and ensure customer understanding of proposed impacts against new and existing security risks.
* Lead the delivery of design and build / operations and maintenance budget requirements for customer bids and variation requests. Ensure financial requirements for cyber resilience controls and security labour estimates are presented for approval by senior Cubic leadership.
* Lead assurance to ensure security requirements are developed by DevOps, system engineers and other project team staff and are implemented according to Cubic cybersecurity/ cyber resilience engineering policies and customer needs and ensure that these requirements are supportable and clearly documented.
* Leads all security risk assessment / business impact analysis/ audit for new payment applications, devices and IT infrastructure and leads advice and guidance on the application and operation of physical, procedural and technical security controls within all engineering and IT solutions. Hands over results to information security governance/ risk/ compliance staff to manage in operational phase.
* Lead information security assurance within design gateways and service transition/ change boards.
* Champions best practices for application and infrastructure/ architecture design principles for the use of existing and new information security technologies across customer systems.
* Ensure appropriate security operational processes are delivered by projects to support service transition.
* Some manual handling may occasionally be required.
* May be required occasionally to work on other Cubic and customer sites and datacentres.
Minimum Job Requirements:
Qualifications
Essential:
* Degree or equivalent qualifications/experience.
* Certification as an Information Security professional (e.g. IISP/CISA/CISM/CISSP/CCSP/ ISA).
Desirable:
* A university degree in a numerate subject (e.g. computer science, maths, engineering, natural science).
* Information privacy/ data protection – CIPP/E + CIPM and IT frameworks (ITIL/ Prince2/ TOGAF).
* HMG IA qualifications/ CLAS; CREST-registered penetration tester and/or security architect.
* Security and IT infrastructure/ networking vendors’ certifications.
Skills/Experience/Knowledge
Essential:
* Demonstrable experience leading the establishment and implementation of security architecture, policies, procedures and technologies.
* Experience of waterfall and agile secure development lifecycles (SDLC) and secure product development.
* Exposure to current IT Security standards and regulations such as PCI-DSS, ISO 27001, DPA / GDPR.
* Exposure to enterprise IT infrastructure and tools (e.g. MS Windows Server, Cisco, Oracle Solaris, Linux).
* Superior network infrastructure and protocol knowledge.
Desirable:
* Experience of transactional revenue, embedded, smartcards and mobile payment systems.
* Experience of security architecture of major public cloud services e.g. Azure, AWS, Google Cloud.
* Practical and theoretical subject matter expert for cryptographic services.
* Knowledge of wider security, audit, risk and compliance standards e.g. PCI-P2PE, PCI-PTS-POI, ISO 27701, ISO27005, ISO31000, NIST and governance/ risk/ compliance tools e.g. OneTrust privacy tool.
* Requirements analysis and tracing tools such as DOORS and SD Elements.
* Experience of application security testing tools and DevOps frameworks, e.g. SonarQube, JIRA, static & dynamic code analysis/ “fuzzing”. Development tools/ environments; Java, Visual Studio, C#.
* In depth understanding of information security control tools, e.g. Splunk, Crowdstrike, Trend Micro DeepSecurity, Imperva WAF, Tenable.IO/ Nessus, TripWire, Cisco IPS, F5, Centrify.
* Experience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402.
Personal Qualities
* Shows wide latitude in determining objectives and approaches to critical assignments that ensure outcomes are met. Self-motivated, able to work unsupervised on own initiative and as part of a matrix team, and be recognized as an expert in the field and principal advisor.
* Demonstrable ability to create formal networks with key decision makers and SMEs.
* Ability to construct and agree strategy from limited information using best judgement.
* Must be able to work effectively and uphold professional standards and confidentiality with Cubic internal and external customers as well as staff at all levels of the organisation. The role will also be required to work with security vendors, Cubic suppliers and customers.
* Able to juggle multiple tasks with deftness and attention to deadlines.
* Strong analytical and influencing skills to assess demand for change and ensure that the necessary controls are in place to deliver successfully.
* An enthusiasm for new technologies and their application for both business and consumers.
* The tenacity to keep going when things get difficult, an optimistic and upbeat personal manner.
* Strong verbal and written communications skills in English, and a degree of flexibility required in working time due to supporting a 24/7 operation and to liaise with colleagues in multiple time zones.
* Candidate will be required to complete basic security checks.
The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.
Worker Type: Employee