Cyber Security Specialist

Role purpose

Information & Cyber Security Management, IT Security Physical & Logical Security Management, Security & Vulnerability planning, IT Security Awareness & Policy Development

KEY ACCOUNTABILITIES & ACTIVITIES

• Oversee information Cyber security function
• Evaluate Cybersecurity budget and costs associated with all Initiatives and Operations
• Assess current Cybersecurity technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement
• Implement and oversee NCA, NIS, ISO technological upgrades, improvements and major changes to the information security environment
• Serve as a focal point of contact for the IT Cyber Security team
• Manage and configure physical security, disaster recovery and data backup systems
• Monitoring of all security operations including SIEM platform, AV, Firewalls, Identity Management Platform, access request processing, digital loss prevention
• Evaluate and recommend information security technologies and practices
• Advise on and monitor compliance with information security mandates
• Interpret security policies, regulations, standards, and other mandates into security control requirements and assess environments against those requirements
• Communicate the value of IT Cyber Security throughout all levels of the organization stakeholders.
• Provide information security awareness training to organization personnel
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Oversee the information security training and awareness program.
• Participate in an information security risk assessment during the Security Assessment and Authorization process.
• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
• Track Cybersecurity audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Perform analysis of network security, based upon the DCID 6/3, DITSCAP, DIACAP, and NISPOM Chapter 8 certification and accreditation process

REQUIREMENTS FOR ROLE

Experience & qualifications

• 8-10 years’ experience in IT & Cyber Security
• Bachelor’s degree in IT or computer engineering
• Certifications - CISSP, IAM, CISM

Knowledge & skills

• Full understanding of NCA, NIS, ISO27001
• Understanding of Global Security Criteria such as Cybersecurity, Knowledge Assurance
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
• Knowledge of current and emerging threats/threat vectors.
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).