Cyber Security Audit, and Risk Management Specialist

This is a hybrid position.

Role and Responsibilities:
The client is seeking a skilled and experienced Cyber Security Audit, and Risk Management Specialist with specific experience in the airline industry. The candidate will be responsible for assessing, monitoring, and enhancing the organization’s cybersecurity posture through comprehensive audits, risk management strategies, and proactive exercises. This role requires a deep understanding of the unique cybersecurity challenges faced by the airline industry, including compliance with aviation-specific regulations and standards. The specialist will work closely with various departments to ensure the integrity, confidentiality, and availability of information assets.

Key Responsibilities:
• Plan, conduct, and manage internal and external cybersecurity audits tailored to the airline industry, assessing the effectiveness of security controls.
• Evaluate compliance with industry standards, regulations, and best practices, including aviation-specific standards such as the International Air Transport Association (IATA) guidelines.
• Document audit findings, prepare detailed reports, and present recommendations to management.
• Identify, assess, and prioritize cybersecurity risks specific to the airline industry.
• Participate in risk assessments and act as an advisor on some engagements.
• Ensure that security policies are communicated effectively to all employees and are enforced consistently across the organization.
• Stay informed about new and emerging threats, vulnerabilities, and regulatory changes that may impact the airline industry.

Qualifications:
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field or 4 years of additional experience in the field.
• 3-5 years of experience in cybersecurity.
• Experience conducting cybersecurity audits or risk evaluation.
• Familiarity with cybersecurity frameworks, standards, and regulations (e.g., IATA, NIST, ISO 27001).
• Strong understanding of information security principles, practices, and technologies.
• Experience with security tools and technologies such as SIEM, vulnerability management systems, firewalls, and intrusion detection systems.
• Proficiency in risk management methodologies and tools.
• Familiarity with cloud security, network security, and endpoint protection.
• Relevant cybersecurity certifications (e.g., CISSP, CISA, CRISC, CISM, OSCP, CEH) are highly desirable.
• Strong analytical and problem-solving skills.
• Strong people skills.
• Excellent communication and report-writing skills, with the ability to convey complex information to both technical and non-technical audiences.
• Ability to work independently and as part of a team in a fast-paced environment.
• Strong attention to detail and a commitment to maintaining the highest standards of security.

Preferred Qualifications:
• Specific experience with cybersecurity challenges and solutions in the airline industry.
• Consulting or advising experience.
• Experience with GRC (Governance, Risk, and Compliance) tools and platforms.
• Hands-on experience in ethical hacking or on a Red Team tools.
• Experience with penetration testing or vulnerability exploitation.
• Experience in cloud security, identity management, vulnerability management, incident response, or similar field.
• Experience in a large-scale enterprise environment.
• Proven experience in the airline industry, with a deep understanding of its unique cybersecurity challenges and regulatory requirements.

Top 5 Skill sets
1. analytical
2. report writing
3. cybersecurity – red team, IR, audit
4. consulting experience/advising
5 conscientious

Nice to have skills or certifications:
1. CISSP
2. Security +
3. CISA
4. Red Team