Job Purpose
To provide cyber security operational and compliance services (OT operational requests and change reviews, security awareness material preparation, collaboration etc.) for securing the OT infrastructure that is built using specialised Air Navigation systems. This covers reviewing operational requests and proposed changes for security risks, building a holistic, cyber security-aware workforce against emerging security threats, assisting with compliance with customer and regulatory requirements etc.
Duties & Responsibilities
- Design, develop and maintain security awareness materials as per security policy and regulatory requirements.
- Ensure training content is comprehensively prepared to be relevant and engaging for the scoped audience of each session, and have it reviewed and approved as directed.
- Collaborate with the Training department to plan and execute the security awareness programs for the ANS workforce at regular intervals or on demand.
- Deliver the awareness sessions in person or by other approved means that can be tracked for attendance, assessed and reported, to stay in compliance with customer and regulatory requirements.
- Act as a security SPOC for operational queries and change requests from different teams, assess the risks of each request, consult with internal team members as required and provide recommendations or guidance to resolve the security concerns.
- Work closely with engineering and other teams to align on security initiatives and projects, and provide support for security measures in engineering processes.
- Collaborate with the respective owners/administrators of systems, networks etc., guide them in enforcing the security policies and regulatory requirements related to access control, operations security etc., and ensure that the RBAC document is in place and verified for compliance.
- Assist in the identification, analysis and remediation of security incidents, and ensure that lessons learnt are incorporated into training materials.
- Support the delivery of a comprehensive vulnerability management program for OT systems in the Air Navigation Services environment, coordinating patching and compensating control implementation with internal and third-party stakeholders.
- Conduct risk assessments for non-critical assets and patching status checks on all systems (apps, network devices etc.) at regular intervals, and share the findings with the reporting head following the internal review process.
- Prepare security reports for the different activities handled, and other supporting documentation as required, ensuring that the reports are comprehensive, accurate and delivered on time, and share them with the head of department.
- Foster a culture of continuous learning and constant improvement in awareness materials by collaborating with the internal team and other teams of ANS.
- Review the asset records at regular intervals or on demand and ensure their compliance with security policy, by collaborating with different cross-functional teams.
- Stay up to date with the latest security technology, emerging threats and the factors associated with them, and ensure documents and awareness materials are updated accordingly, following approval as required.
Education:
- Bachelor’s degree in Computer Science, IT, Information / Cyber Security or a related field.
- Master’s degree preferred.
Professional Certifications:
- A relevant certification such as CISSP, CEH, OSCP, RHCE, CompTIA’s Sec+ or GSEC.
- Certification in ISO 27001 would be advantageous.
- An aviation-related security or technical certification would be preferred.
- Practical experience in working with Linux OS and delivering penetration tests would be advantageous.
Experience:
- Minimum 5 years of experience working exclusively in the information/cyber security field (Essential).
- Over 1 year of experience working with Operational Technology environments (Essential).
- Experience in aviation OT security would be preferred.
- Experience within the UAE would be preferred.
- Compliance experience related to ISO 27001 would be beneficial.
Special Technical Skills:
- English language proficiency required.
- Ability to design and deliver technical security training courses.
- Engineering and Coordination
- Problem solving & decision making
- Self-management and continuous learning
- Workload management
- Ability to work independently and as part of a team as required.
- Clear Communication