Job Purpose
The Cybersecurity Engineer will work in a team within the Technology Services Directorate. They will be responsible for ensuring processes and procedures meet Safety and Security requirements in ATM/ANS and adhere to statutory and regulatory requirements. This involves conducting thorough risk assessments, identifying potential vulnerabilities, and implementing effective security controls.
Main Duties and Responsibilities
* Develop and manage the programme of work in adherence to the requirements of the NIS/NIS-2 Security directive and other applicable regulation. Identify any associated gaps and implement corrective action plans to comply with the requirements of Competent Authority and/or National Cyber Security Centre and implement associated policy, procedural and technical developments as required.
* Co-ordinate security requirements, enhancements or replacement, of systems and equipment to meet the security specifications and requirements of safety and business cases.
* Ensure the Operational Security Policy meets ATM/ANS operational requirements and is in accordance with industry best practices and in compliance with Regulatory requirements.
* Provide guidance and support, in the management and provision of technical services and the secure design of ATM Networks & Systems, in line with industry best practice.
* Conduct risk assessments to ensure adherence to standards, guidelines, statutory and regulatory requirements.
* Investigate occurrences and provide recommendations for prevention in future to inform the incident response strategy.
* Develop and maintain good working relationships with all key stakeholders, regulatory and oversight bodies.
* Implement the security strategy through to solution design with hands-on configuration and troubleshooting.
* Work closely with, and provide oversight of, ATSEP Security training provided by third party (Training Consultants, third party equipment suppliers).
* Identify areas for improvement and pro-actively manage such initiatives to closure.
* Develop in-house capability to identify system restore and repair procedures for critical systems failure scenarios.
* Develop security lab areas in conjunction with engineering management.
* Develop and enhance Incident Response and recovery process and associated procedures.
* Develop strong governance processes to drive security designed solutions in consultation with the relevant engineering subject matter experts and management.
* Provide assistance and support to the Director and Domain Managers as required.
* Attend relevant fora as required.
* Other duties as may be assigned, where appropriate.
PERSON SPECIFICATION
Education, Knowledge, Experience & Skills
Essential:
* A third level degree (Computer Science, System engineering or related discipline)
* Minimum of three years’ relevant Safety, compliance and/or regulatory experience working with cyber security responsibilities.
* Experience of and ability to work in a GRC (Governance/Risk/Compliance) role
* Demonstrable experience or knowledge of cybersecurity best practices, security controls (firewalls, IDS and data encryption algorithms), IP networks infrastructure (routers, switches)
* Strong analytical and problem-solving skills
* Ability to think critically and identify risks
* Excellent interpersonal and communication skills
* Proven ability to work independently and as part of a team
* Excellent customer focus
Desirable:
* Demonstrable experience/knowledge of:
o Risk assessment process
o Working with regulatory authorities
o Drafting procedures to be used in a regulated environment.
o Compliance or quality monitoring
o The organisation and structure of Air Traffic Management (ATM) / Air Navigation Services (ANS)
o National and EU/ICAO regulatory framework and its applicability to ATM/ANS
o Audit process and audit compliance tools
o ISO 27001 and its application
o Knowledge/experience of NIST CSF, CIS benchmark, and other cybersecurity standards
o Use and development of tools/databases (e.g. DISA/STIG, MS Access)
o Delivery of training on procedures/process
#J-18808-Ljbffr