Overview
Reporting to the Chief Information Security Officer as part of the Enterprise Business Services team, you will be responsible for proactively identifying, reporting, and managing cyber risk.
Principal Responsibilities
- Continuous improvements to Menzies' overall operational cyber security.
- Ensuring the security architecture is implemented and functioning across the estate and providing the expected detection and prevention capabilities.
- Supporting the design, management and operation of a global Vulnerability Management Programme. Managing the relevant processes to ensure oversight of the cyber security posture, working with the relevant teams to remediate known vulnerabilities, and reporting monthly to the Chief Information Security Officer quantifying the risk and the progress of remediation.
- Scoping and managing the annual mandatory external testing of cyber security controls on key production systems. Reporting the findings to the relevant stakeholders and managing the required mitigations.
- Analyse and prioritise cyber threat intelligence and disseminate actionable information to the relevant IT teams and system owners to proactively mitigate emerging vulnerabilities.
- Ensure the relevant training and communications materials, informed by current threat intelligence, are available to promote a 'Cyber Aware' culture within the business.
- Collaborate with other departments such as IT, Development, Legal, and Human Resources to ensure that cybersecurity measures are understood and implemented.
- Monitor, measure and advise on the cyber controls of third-party suppliers.
- Management of cyber risk by working with business and IT stakeholders to understand processes, inform on current cyber risk and manage this to an acceptable level.
- Consulting with IT and system owners to ensure that their cyber security requirements are factored into the evaluation, selection, installation, and configuration of hardware, applications, and software. Identifying areas for potential improvement.
- Maintain and develop cyber governance.
Candidate Requirements
- Education: A degree in IT or cybersecurity is preferred.
- Professional Certifications: Relevant certifications such as CISSP, CISM, CISA, CEH, or others are highly valued.
- Ability to manage and support a security operations team.
- Ability to manage the performance of third-party service delivery partners.
- Ability to communicate effectively to a range of audiences.
- Undergraduate Degree in an IT or cyber security discipline, or equivalent experience and relevant qualifications.
- Knowledge of common information security management frameworks, such as International Standards Organization (ISO) 27001, the IT Infrastructure Library (ITIL), or the National Institute of Standards and Technology Cybersecurity Framework.
- Keep abreast of regulations affecting cybersecurity (e.g., GDPR) and ensure the company's adherence to these and other relevant standards.
- Understanding of networks, systems, applications, and Cloud technologies.
- Familiarity with the principles of cryptography.
- Knowledge of security testing.
- Experience working and learning within a fast-moving, changeable environment with new technology/services/infrastructure/priorities and working practices (processes).
- Excellent organizational, planning, and administrative skills and a good eye for detail.
- Highly analytical with the ability to influence, challenge, and implement change.
- Experience in dealing with work of a confidential and sensitive nature.
- Proficient in English, with a secondary language of Cantonese preferred.
Diversity
Menzies Aviation are a committed equal opportunity employer and encourage applications from suitably qualified and eligible applicants regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief, marital status, pregnancy, and maternity. We strive to create an inclusive working environment, where the different knowledge, perspectives, experiences, and approaches of our global workforce are represented, and where everyone feels valued and can reach their full potential.
Please be aware that as part of our recruitment process, we may look to use a variety of resourcing tools to help us understand your skills and experience in relation to the role. Please feel free to contact the recruiter below if there are any reasonable adjustments to our process that you would like us to consider.
As part of our recruitment process, we will always consider how candidates fit with our values which you can learn more about here.
Application Instructions
Is this role ticking all the boxes for you? If so, please click apply now!