Job Purpose

The Cybersecurity Engineer will work in a team within the Technology Services Directorate. They will be responsible for ensuring processes and procedures meet Safety and Security requirements in ATM/ANS and adhere to statutory and regulatory requirements. This involves conducting thorough risk assessments, identifying potential vulnerabilities, and implementing effective security controls.

Main Duties and Responsibilities

- Develop and manage the programme of work in adherence to the requirements of the NIS/NIS-2 Security directive and other applicable regulation. Identify any associated gaps and implement corrective action plans to comply with the requirements of Competent Authority and/or National Cyber Security Centre and implement associated policy, procedural and technical developments as required.
- Co-ordinate security requirements, enhancements or replacement, of systems and equipment to meet the security specifications and requirements of safety and business cases.
- Ensure the Operational Security Policy meets ATM/ANS operational requirements and is in accordance with industry best practices and in compliance with Regulatory requirements.
- Provide guidance and support, in the management and provision of technical services and the secure design of ATM Networks & Systems, in line with industry best practice.
- Conduct risk assessments to ensure adherence to standards, guidelines, statutory and regulatory requirements.
- Investigate occurrences and provide recommendations for prevention in future to inform the incident response strategy.
- Develop and maintain good working relationships with all key stakeholders, regulatory and oversight bodies.
- Implement the security strategy through to solution design with hands-on configuration and troubleshooting.
- Work closely with, and provide oversight of, ATSEP Security training provided by third party (Training Consultants, third party equipment suppliers).
- Identify areas for improvement and pro-actively manage such initiatives to closure.
- Develop in-house capability to identify system restore and repair procedures for critical systems failure scenarios.
- Develop security lab areas in conjunction with engineering management.
- Develop and enhance Incident Response and recovery process and associated procedures.
- Develop strong governance processes to drive security designed solutions in consultation with the relevant engineering subject matter experts and management.
- Provide assistance and support to the Director and Domain Managers as required.
- Attend relevant fora as required.
- Other duties as may be assigned, where appropriate.

PERSON SPECIFICATION

Education, Knowledge, Experience & Skills

Essential:

- A third level degree (Computer Science, System engineering or related discipline)
- Minimum of three years’ relevant Safety, compliance and/or regulatory experience working with cyber security responsibilities.
- Experience of and ability to work in a GRC (Governance/Risk/Compliance) role
- Demonstrable experience or knowledge of cybersecurity best practices, security controls (firewalls, IDS and data encryption algorithms), IP networks infrastructure (routers, switches)
- Strong analytical and problem-solving skills
- Ability to think critically and identify risks
- Excellent interpersonal and communication skills
- Proven ability to work independently and as part of a team
- Excellent customer focus

Desirable:

Demonstrable experience/knowledge of:

- Risk assessment process
- Working with regulatory authorities
- Drafting procedures to be used in a regulated environment.
- Compliance or quality monitoring
- The organisation and structure of Air Traffic Management (ATM) / Air Navigation Services (ANS)
- National and EU/ICAO regulatory framework and its applicability to ATM/ANS
- Audit process and audit compliance tools
- ISO 27001 and its application
- Knowledge/experience of NIST CSF, CIS benchmark, and other cybersecurity standards
- Use and development of tools/databases (e.g. DISA/STIG, MS Access)
- Delivery of training on procedures/process