Cybersecurity Risk Manager

We’re inventing the future, right here, right now, at Thales. We design the critical security solutions of tomorrow by combining the curiosity to explore, the intelligence to question and the vision to create. Together we solve complicated problems by combining our experience in the market with our leading research and development capabilities.

A great opportunity has become available for an experienced **Cybersecurity Risk Manager **to join the renown safety and mission critical OneSKY program.**

The Cybersecurity Risk Manager role supports the delivery of the CMATS air-traffic management system in Australia, which is part of the OneSKY program. CMATS is a complex system and you work in a complex and challenging environment that employs well-defined system engineering processes to ensure fit for use and fit for purpose. In this role you actively manage the cyber risk of the CMATS solution through identification and evaluation of relevant risks in the context of threat sources, vulnerabilities, existing controls, business impact, and target security accreditations.

**KEY ACTIVITIES AND RESPONSIBILITIES**

As a Cybersecurity Risk Manager, you managing cyber risk through the following activities:

- Perform cyber risk assessments, capture and analyse all security requirements, and determine applicable security controls, and develop a threat model based on an agreed list of threat sources and events.
- Identify system, segment, component, and product vulnerabilities, and their impact on the CMATS solution and customer, and develop remediation strategies as appropriate.
- Monitor the effectiveness of remediation strategies and periodically update the security risk register.
- Create and maintain key cyber engineering and accreditation documents such as the Security Accreditation Plan, System Security Plan (SSP), Security Risk Management Plan (SRMP), the Threat and Risk Assessment (TRA), the security risk register, and other relevant contractual documents.
- Produce engineering design artefacts in relation to mitigation strategies including design considerations, design constraints, or design decisions that impact the overall solution design of CMATS.
- Support project IV&V activities, including the Certification and Accreditation phases in which the residual security risks are monitored and appropriately tested and assured, using agreed remediation strategies including penetration tests.
- Present the identified security risks, the analysis conducted to demonstrate effectiveness of proposed risk remediation strategies, and the proposed solutions to customer representatives during the Security Working Groups (SWG).
- Provide advice to internal and external customers on security risks of the CMATS system.
- Liaise with the appropriate federal government security organisations, customer representatives, certification authorities, and relevant service providers.
- Work with other project team members to develop cost and schedule estimates.
- Attend and actively participate in internal and external technical reviews.

**SKILLS & EXPERIENCE**
- Excellent knowledge of the Australian Government Information Security Manual (ISM) and PSPF, and accreditation requirements.
- Working with formal risk management methodologies and documents.
- Contemporary security solutions in heterogeneous environments (Linux and Windows) using a range of technologies and products
- Participating in end-to-end engineering processes with documented traceability
- Authoring and reviewing technical documentation
- Strong presentation and verbal communications and liaison skills

**QUALIFICATIONS**
- Bachelor-level qualification or higher in Information Security (or equivalent demonstrated experience)
- CISSP, CISM, SANS GIAC, SABSA, or similar professional security certifications

**SOME OF OUR GREAT BENEFITS**
- Competitive base salary + Super + Bonus
- Paid health insurance for you and your family
- Employee discounts with a number of affiliates (Travel, Car hire, Tech)
- Access to Fitness Passport
- Modernised Paid Parental leave
- Veterans Leave

Wellbeing matters at Thales, and where possible we encourage flexible working.