OVERVIEW

People. Passion. Pride. This is what has driven our teams since 1833.
Since that time, we have developed to become a critical partner in the global aviation industry, delivering time-critical logistics services at over 290 locations in 65 countries, across 6 continents.
But at the heart of our business is our people.

SAFETY, SECURITY, WELLBEING AND COMPLIANCE:

You will have a responsibility and duty whilst at work to take reasonable care of the health, safety and wellbeing of yourself and others in accordance with provided information, training, and workplace health and safety rules or procedures. The company is committed to providing a safe working environment for all staff members. In all areas of our business there is a potential risk to the health, safety and welfare to everyone on our sites through the misuse of alcohol and drugs. As such the Company prohibits such misuse and carries out regular testing to enforce our Substance Misuse Policy.
Please see the attached job description for further details on safety, security, wellbeing & compliance.

ROLE PURPOSE

Working as part of, and supported by, a global team, based in UK, Kuwait and the US you will be aligned to, and provide support to the regional IT team.
Daily this will involve spending time reviewing and responding to security tickets and alerts primarily raised by our SOC. This may involve investigating using SIEM and EDR tools to understand and resolve the issue.
Weekly, you will be involved in understanding and planning the remediation of any high and critical vulnerabilities identified in the region via tools such as Tenable and Managed Engine.
Monthly you will support the implementation of projects in the region, risk assessing projects and changes at the earliest opportunity to assist with the design and implementation of the relevant security controls.

WHAT YOU WILL BE DOING

• Managing time critical Security Operations, ensuring events and incidents are responded to effectively, playbooks are followed and opportunities for improvement are identified and actioned.
• Ensuring the security architecture is implemented and functioning across the estate and providing the expected detection and prevention capabilities.
• Supporting the designing, management and operation of a global Vulnerability Management Programme. Managing the relevant processes to ensure oversight of the cyber security posture, working with the relevant teams to remediate known vulnerabilities, and reporting monthly to the Chief Information Security Officer quantifying the risk and the progress of remediation.
• Scoping and managing the annual mandatory external testing of cyber security controls on key production systems. Reporting the findings to the relevant stakeholders and managing the required mitigations.
• Analyse and prioritise cyber threat intelligence and disseminate actionable information to the relevant IT teams and system owners to proactively mitigate emerging vulnerabilities.
• Ensure the relevant training and communications materials, informed by current threat intelligence, are available to promote a ‘Cyber Aware’ culture within the business.
• Collaborate with other departments such as IT, Development, legal, and Human Resources to ensure that cybersecurity measures are understood and implemented.
• Monitor, measure and advise on the cyber controls of third-party suppliers.
• Meet at least monthly with the regional IT team, to understand the projects and changes that are happening, intervene if necessary to maintain the security by design principle, update the regional risk register and review incidents, threat intelligence or other relevant business
• Maintain and develop cyber governance by:
• Understanding contractual and regulatory cyber compliance requirements to designing and implement the appropriate controls.
• Performing risk assessments for new systems, significant changes, current processes, projects, integrations and update the risk register with findings and propose an appropriate remediation plan.
• Other responsibilities include:
• Management of cyber risk by working with business and IT stakeholders to understand processes, inform on current cyber risk and manage the this to an acceptable level.
• Working with business and IT stakeholders to define metrics and reporting strategies that effectively communicate the value of the security program.
• Consulting with IT and system owners to ensure that their cyber security requirements are factored into the evaluation, selection, installation, and configuration of hardware, applications, and software. Identifying areas for potential improvement.
• Monitoring and reporting on compliance with security policies, as well as the enforcement of policies within the IT department.
• Supporting responses to customer bids, RFQs, and subsequent clarifications.
  Would you like to see more detail on the accountabilities of the role? Please see the attached job description for further information