Cyber Security Consultant
Job Purpose:
To provide cyber security consultancy services (Risk Management, Security Architecture, Governance Support etc.) for securing the OT infrastructure that is built using specialised Air Navigation systems, in terms of developing, implementing and monitoring the security controls, best practices and holistic cyber security culture against emerging security threats and to stay in compliance with customer and regulatory requirements.
Duties, Responsibilities and Accountabilities:
- Design, implement and assess security controls and best practices for secure OT systems of Air Navigation Services in line with industry standards, customer and regulatory requirements such as IEC 62443, NESA etc.
- Conduct risk assessments on specialized OT systems at a regular interval or on demand and as part of technological changes/introduction and provide plan for mitigating risks.
- Collaborate with internal and other supporting teams to integrate security controls and best practices into the specialized existing and new systems for OT infrastructure.
- Conduct periodic and on-demand technical security review on the OT systems (network components, servers, App etc.) for their compliance against the security policies, target security architecture, regulatory requirements etc. and report to the reporting manager.
- Prepare comprehensive threat modelling for each OT system and overall OT infrastructure, and keep them updated as per the changing threat landscape.
- Collaborate with external stakeholders to conduct technical assessments on the OT systems/ infra as per the policy requirement, analyse the findings and provide actionable recommendations to bolster the security state of OT infrastructure following the internal approval process.
- Deliver a comprehensive vulnerability management program for OT systems in the Air Navigation Services environment, coordinating patching and compensating control implementation with internal and third-party stakeholders.
- Play an important role in preparing, tracking, maintaining and sharing different security reports, documents for security processes, and reviewing the security awareness materials for their relevance and coverage as directed by reporting head.
- Be a technical focal point in case of analysis or investigations of security incidents and coordinate containment and recovery efforts to reduce impact to the services being offered.
- Provide timely support in conducting simulations for incident response activities as per customer incident management plan and frameworks for OT infrastructure and capturing the lessons learnt for improvement options.
- Conduct the security risk assessment associated with suppliers / vendors and 3rd party service providers, share the recommendations for treating the identified risks through relevant reports and keep the respective stakeholders informed on the closed and open risks.
- Keep the security risk, threat modelling, technical vulnerability etc. documents/registers updated as per security policy, customer and regulatory requirements.
Technical Competencies:
Education:
• Bachelor’s in Computer Science, IT, Information / Cyber Security or a related field of acceptance
• Master’s degree is preferred.
Professional Certifications:
• A relevant certification such as CISSP, GICSP, ISA/IEC 62443, OSCP and GPEN.
• Certification on ISO 27001 would be advantageous.
• Aviation related security or technical certification would be preferred.
• Practical experience in working with Linux OS, and delivering penetration tests and security incident management would be advantageous.
Experience:
• Minimum 10 years of experience working exclusively in the Information/Cyber security field (Essential). In that, minimum 8 years in technical including over 5 years of experience working with OT environments (Essential) and 2 years in supporting security governance & compliance.
• Experience in Aviation OT Security would be preferred.
• Experience within the UAE would be preferred.
• Compliance experience related to ISO 27001, UAE’s NESA and GCAA CAR regulations would be beneficial.
Special Technical Skills:
• English language proficiency required. Working knowledge of Arabic preferred
• Ability to design and deliver technical security training courses
• Engineering
• Coordination
• Management of non-routine situations
• Problem solving & decision making
• Self-management and continuous learning
• Workload management
• Teamwork
• Communication
• Risk management
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
