Senior Security Analyst

Business Unit:
Cubic Transportation Systems

Company Details:
Cubic offers an opportunity to provide innovative technology for government and commercial customers around the globe, helping to solve their future problems today. We're the leading integrator of payment and information technology and services for intelligent travel solutions worldwide, and the leading provider of realistic combat training systems, secure communications and networking and highly specialized support services for military and security forces of the U.S. and allied nations. If you have an entrepreneurial spirit and thrive in an innovative environment, we want to talk to you about your next role at Cubic! We are seeking employees inspired by technology, and motivated by the rewards of hard work, commitment, teamwork, quality, integrity, and respect. We invite you to explore opportunities with Cubic.

Job Details:

Essential Job Duties and Responsibilities:

1. Lead and supervise the team on a day to day basis, ensuring that the team is adequately resourced and has the required skills and ability to deliver the agreed level of service to our customers.
2. Contribute to the technical strategy and procedures for the team and ensure that the team's objectives are aligned with the business objectives as set by senior management.
3. Work collaboratively with internal stakeholders to develop and facilitate team performance improvements.
4. Provide expert technical on-the-job training, alongside the Learning & Development team, coaching and mentoring to the team.
5. Lead security incident and event management and other operational cyber security monitoring generated by security control tools in accordance with established procedures and security standards.
6. Lead incident response, undertake security investigations and compile incident and problem management/root cause analysis reports. Implement corrective actions where required.
7. Lead vulnerability management process for the region.
8. Lead external penetration test activities procured from vendors and ensure remediations are documented and implemented.
9. Install, manage and improve technical security control tools and processes.
10. Ensure change control requests are reviewed against cyber security requirements to reduce the risk of weakening existing security controls. Participate in the evaluation, testing and implementation of such changes.
11. Lead security control reviews for all types of IT infrastructure and business applications and recommend appropriate action across the wider Security function.
12. Support mobilisation of new customer programmes and new systems and ensure readiness for operations via established service transition processes within region.
13. Support internal and external customers defining their needs for new access rights and privileges.
14. Ensure key performance/key risk information is collated and delivered to internal and external customers according to schedule.
15. Contribute to other information security, contingency planning and related activities.
16. Provide training and guidance to the wider team, promoting best practice and process improvement.
17. May be required to work at or travel to other local global Cubic sites and datacentres.
18. Comply with Cubic's values and adherence to all company policy and procedures.
19. In addition to the duties and responsibilities listed, the job holder is required to perform other duties assigned by their manager from time-to-time, as may be reasonably required of them.

Minimum Job Requirements:

Qualifications

Essential:

• University degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) or equivalent education and Team Leader/commercial experience.

Desirable:

• A university master-level degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) or equivalent education/experience.
• Certification as an Information Security professional (e.g. ISACA CISA/CISM/CRISC, ISC(2) CISSP, BCS CISMP/IISP).
• Information privacy/data protection industry certifications - CIPPE/CIPM.
• Payment Card Industry Security Standards Council certification (ISA/QSA).
• ITIL v3/Prince2 foundation level/TOGAF certifications.
• IT infrastructure/networking vendors' certifications.

Skills/Experience/Knowledge

Essential:

• Proven team leader with identified tangible results in uplifting team capability.
• Expert knowledge, focused on execution and delivery of activities, leads the way for improved efficiency in tool use and streamlining processes.
• Expert knowledge of security SIEM tooling and vulnerability scanners.
• Experience in implementing and ensuring compliance with cyber security controls to multiple standards including ISO 27001 and ensuring operational controls meet continued compliance requirements to maintain PCI-DSS certifications.
• Stakeholder management experience, e.g. leading consultations/workshops and presentational skills.

Desirable:

• Functional experience leading a commercial security operations centre.
• Experience of compliance programmes of wider security, audit, risk and compliance standards.
• Experience using cyber security governance, risk and compliance and IT service management tools.
• Experience of quality management systems and external audit standards.
• Experience of transactional revenue, embedded, smartcards and mobile/open payment systems.
• Proficiency writing and speaking in other European languages.

Personal Qualities

• Able to work effectively and uphold professional standards and confidentiality with internal and external stakeholders at all levels.
• Able to travel globally at reasonable notice and be based internationally for assignments for several weeks' duration.
• Superior verbal and written English language communications skills.
• Ability to understand corporate objectives to implement them as business unit policy.
• Self-motivated, able to work on own initiative.
• Strong customer service skills.

The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.

#LI-SP3

Worker Type:
Employee