Specialist, Security Risk

2 weeks ago


Sydney, Australia NSW Government - Engineering & Maintenance Full time

**About us**

At Sydney Trains our vision is to keep Sydney moving by putting the customer at the centre of everything we do. We work at the heart of local communities and integrate cutting-edge technology to deliver efficient rail services which exceed expectations and support a rapidly growing economy. Sydney Trains also operate the Rail Operations Centre and are responsible for the maintenance of assets including tracks, trains, signals, overhead wiring, stations and facilities. We conduct our operations in the community in compliance with the principles of ecologically sustainable development.

Our Operational Technology Unit within Network Maintenance is responsible for ensuring high availability and reliability of Control Systems, Wireless and Fixed voice and data networks, Condition Monitoring and Passenger Information infrastructure and Cyber Security of Operational Systems.

**The opportunity**

Right now, we have opportunities for a Specialist, Security Risk and Compliance and a Specialist, Third Party Security to join us in the Operational Technology Unit to lead the way in ensuring cyber security risks are appropriately managed for our operational systems.

**Specialist, Security Risk and Compliance** is responsible for:

- Implementing the security risk strategy and providing cyber governance and risk management oversight
- Leading the security risk assessments and compliance programs, and developing key metrics to monitor risk management
- Leading the awareness of risk management standards, strategies, practices and procedures across the Branch
- Leading the regulatory compliance reporting obligations for NSW government Cyber Security Policy and the federal government Critical Infrastructure Act
- Managing the Cyber Security Management System (CSMS), cyber risk frameworks and maintaining the Cyber risk registers
- Leading the development of incident response plans, playbooks and desktop exercises to ensure appropriate readiness for events and continuous improvement

**Specialist, Third Party Security** is responsible for:

- Working with and conducting security assessments of all Third Parties and contractors
- Working with Procurement teams on Request for Proposals (RFP) and contracts and advising on security issues
- Planning and conducting risk assessments of third parties with regard to their cyber security capabilities and maturity, with reference to ISO 27001 and the Cyber Security Management System (CSMS) framework
- Preparing and presenting third party and supply chain cyber risk reports and attestations to management, key committees, and other relevant stakeholders
- Developing risk remediation plans to address identified third party risks, working with security, technical and procurement teams

**About you**

For both roles you are tertiary qualified in a relevant Engineering, Technology or Cyber Security discipline with an understanding of IEC 62443 and ISO 27001 standards, looking for an opportunity that will give you exposure and help shape Sydney Trains' cyber security strategy.

Your strong stakeholder engagement and communication skills will ensure your ability to present highly technical information in an understandable manner, and then influence a variety of stakeholders to follow the required cyber security standards that will in effect drive improvement and change.

Ideally, you will also have a strong grasp of Cyber Security and Operational Technology and a demonstrated understanding of managing interface issues between various technical, production and operational disciplines.

You will have a strong understanding of cyber security risk management and the various cyber security standards and frameworks. Cyber Security and/or Risk Certifications such as CISSP, CISM, and CRISC, will be highly regarded.

**Interested?**

Right now is an exciting time to join our team as we prepare to meet the needs of customers with a world-class rail system.

**Salary and benefits**

RC Grade 7 $143,555 - $157,945 plus super & annual leave loading

Sydney Trains offers its employees challenging and rewarding work with opportunities for career progression, learning and development and work-life balance. Other benefits include:

- Free travel on Government trains, buses and ferries
- Flexible work practices

**Need help?**

**Applications Close**: Sunday 7 August at 11:59pm

**We are the community we serve**

We are committed to being an inclusive, diverse and flexible workplace where differences are valued. We welcome people of all backgrounds, experience and abilities.

We enable our people to work in ways that work for them and their teams. Working virtually and from different locations including regional locations, staggering work hours and job sharing are just some of the ways our people can work flexibly.

Please contact the Talent Specialist if you require any adjustments to be made to how you interact with us throughout the recruitment process or would like to discuss flexible work options.


