Cybersecurity Grc Specialist

We’re inventing the future, right here, right now, at Thales. We design the critical security solutions of tomorrow by combining the curiosity to explore, the intelligence to question and the vision to create. Together we solve complicated problems by combining our experience in the market with our leading research and development capabilities.

**About Your Role**:
**The Cybersecurity GRC Specialist will execute cybersecurity activities with a focus on cyber governance, risk, and compliance, to achieve a full Secure by Design lifecycle for the customer, and support the security objective of system accreditation.**:
**The main activities of the role**:

- **Develop the Statement of Applicability (SOA) to contain the derived system security requirements and support each of the sub-system engineering streams to embed the Security functional requirements in their product selection, design work and testing activities.**:

- **Analyse the ISM, PSPF and all applicable policies and standards to identify all relevant Security Engineering requirements to be captured in the SOA and forms the basis of the System Requirements Specifications (SRS).**:

- **Work closely with the lead engineers in every subsystem, to provide security guidance and ensure system security requirements are being implemented as per the ISM intent, are addressed in each of their system designs and solutions.**:

- **Contribute to the System Security Plan (SSP) of the subsystems’ security design and solution and the functional security requirements.**:

- **Identification and assessment of the security risks, to be documented in the Security Risk Management Plan (SRMP) as well as proposing mitigation options to address them.**:

- **Contribute to test strategy and development of the detailed test procedures to achieve effective and re-usable testing methods for the verification of the security requirements for security accreditation.**:

- **Contribute to the preparation activities identified for the Security Engineering activities at each of the project reviews (SRR, IBR, CDR, C/DRR, IRD, ESV and SAT).**:

- **Support the development of security artefacts necessary to achieve the Security Accreditation of the system and support (Development and Test) system(s).**:

- **Support and contribute to the V&V testing activities across the range of subsystem engineering teams.**:

- **Facilitate the IRAP assessor engagement by assisting with the audit and review activities.**:

- **Engage and coordinate penetration testing activities, including the preparation of the activities, organisation of the facilities and system access.**:

- **Track and report remediation activities and effort.**:

- **Provide cybersecurity engineering support during the Operate and Maintain phase of the project, up to the system-of-system level.**:

- **Optimise processes and work activities, focusing on the efficiency of project execution (structure, roles, interfaces, artefacts, template, re-use. coordination).**:

- **Identify and review security risks and issues, and propose effective solutions; execute agreed mitigation actions and report on outcomes or cost savings and residual risks.**:
**How About You?**:

- **A tertiary qualification in Engineering, Computer Science, IT or other relevant qualification with a focus on cybersecurity, or can demonstrate a high level of competence through career experience and self-study**:

- **Demonstrated knowledge of the engineering life cycle, from concept design, requirements capture and management, system and subsystem design, system integration through to test strategies, acceptance and support phase.**:

- **Experience working in multi-skilled engineering teams within a matrix environment.**:

- **Strong appreciation and adherence to security engineering processes, and high-quality delivery.**:

- **Demonstrated ability to analyse and solve problems, working with a range of colleagues and stakeholders in a project context.**:

- **Proficient knowledge and use of DOORS.**:

- **Advanced knowledge of ISM, PSPF and NIST standards**:
**Good to Know**:
**Prior to offer you’ll complete a pre-employment police and medical check.**:
Wellbeing matters at Thales, and where possible we encourage flexible working.