Cybersecurity Specialist

Job Description:

We are seeking an experienced Cyber Security Specialist to promote the cybersecurity strategy, lead key initiatives, and safeguard our technology environment.

This is a pivotal role, working closely with various teams to ensure robust protection of our data, systems, and networks.

The Cyber Security Specialist will take ownership of establishing and maintaining security policies, procedures, and operational standards to protect both IT and OT assets.

You will be responsible for the design, implementation, and administration of security tools and processes, as well as managing cyber risks across various projects.

Your expertise will help in responding to incidents, supporting audits, and ensuring compliance with industry standards such as NIST, ISO27001, and ASD.

In this role, you'll lead security initiatives, contribute to disaster recovery plans, and continuously improve security measures, ensuring the integrity, confidentiality, and availability of systems and data.

You will also work closely with stakeholders across the organization, helping to make strategic cybersecurity decisions while fostering a culture of security best practices.

Key Responsibilities:

Provide expert guidance on cybersecurity projects, ensuring the timely delivery and maintenance of security operations.

Ensure that cyber incidents are promptly responded to and remediations are executed according to service level agreements (SLAs).

• ">
• Cyber Technical Capabilities

Act as the technical point of escalation for all security-related controls and concepts.

Lead the implementation of cybersecurity best practices within projects and guide key stakeholders on security architecture best practices.

Review and implement security policy and configurations, ensuring compliance with frameworks like CIS, SIEM, Palo Alto Firewalls, and more.

• ">
• Cyber Governance & Operations

Conduct risk assessments to identify and mitigate internal and external security threats.

Oversee outsourced security operations, ensuring SLAs and KPIs are met.

Implement cyber hardening techniques and continuously monitor security measures for IT and OT systems.

Ensure all security tools are configured according to best practices and managed throughout their lifecycle.

• ">
• Incident, Problem & Change Management

Lead rapid response and investigation into security incidents, ensuring appropriate mitigation measures are taken to reduce the impact.

Manage changes to security configurations, policies, and procedures, ensuring minimal disruption to ongoing operations and project lifecycles.

• ">
• Cyber Supply Chain Risk & Vendor Management

Manage third-party vendors and partners providing security services or solutions, ensuring compliance with agreed security standards.

Monitor and manage cybersecurity risks associated with external vendors throughout the lifecycle.

• ">
• Security & Compliance

Develop and implement a NIST-based cybersecurity strategy, ensuring alignment with organizational goals.

Conduct ongoing monitoring of security events and ensure timely, effective responses to emerging threats.

Oversee security and compliance audits, ensuring that internal policies and external regulations are met.

• ">
• Information Security

Develop and enforce information security policies and standards that govern the confidentiality, integrity, and availability of organizational data.

Establish and implement data classification and security protocols across the business.

Manage the security of on-premises and cloud environments (Azure).

Ensure proper implementation of network segmentation, VPN security, and Zero Trust models.

Maintain and refine cloud security policies and standards for Azure.

• ">
• Disaster Recovery & Business Continuity

Ensure that business continuity and disaster recovery plans incorporate appropriate security measures.

Lead the testing of the Business Continuity Plan (BCP) and Disaster Recovery (DR) strategies to ensure business functions are protected in case of cyber incidents.

Drive the implementation and improvement of cybersecurity processes and procedures.

Ensure the continuous updating and sharing of security knowledge, best practices, and compliance standards across the organization.

Lead ongoing improvements to security processes, ensuring they evolve in line with changing regulations and industry best practices.

To excel in the role you will have:

A minimum of 10-15 years of experience in cybersecurity or information security roles, including network security and system security.

Significant experience in cybersecurity governance, risk management, and compliance.

Proven expertise in developing and implementing security control assurance programs and supply chain risk assessment frameworks.

Certifications:

CISSP, CISM, or other security certifications are highly desirable.

Knowledge of and certification in the SABSA Framework is a plus.

Knowledge:

Solid understanding of security management frameworks such as ISO27001, NIST, ASD, and other related security standards.

Strong understanding of networking protocols and system security protocols.

Familiarity with cloud environments (specifically Azure) and network security (e.g., VPN, Zero Trust).