Security Analyst GRC

at Cubic Corporation

Dublin, County Dublin, Ireland

Start Date: Immediate
Expiry Date: 15 Jun, 2024
Salary: Not Specified
Posted On: 16 Mar, 2024
Experience: N/A
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

Business Unit:
Cubic Transportation Systems
Company Details:
When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people’s lives easier by simplifying their daily journeys. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners.
We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS). Explore more on Cubic.com.
Responsible for supporting governance, risk and compliance tasks (including ISO 27001, GDPR, PCI security standards and local equivalents) and providing security risk management for regional customer programmes.
Job Details:

Essential Job Duties and Responsibilities:

  • Maintain ISO 27001 and PCI certification/ recertification for customer programmes
  • Conduct risk management activities, including risk assessments and security control reviews for all types of business applications and computer installations already in operational service, and recommend appropriate action to management
  • Maintain customer programme risk registers and treatment plans. Maintain key performance indicator reporting to leadership, integrated management reviews and customers.
  • Ensure internal audits are planned to cover all security control areas across all customer programmes in liaison with quality assurance and service teams
  • Ensure non-compliances are documented and agreed with service owners, and monitor/ report remediation progress until completion.
  • Conduct ISO 27001 and PCI-DSS workshops for internal and external stakeholders; deliver additional security awareness literature and training where directed
  • Maintain ISMS artefacts for continual improvement of the global ISO 27001 ISMS
  • Assist and support the implementation of global security frameworks and associated GRC tooling
  • Provide input to other information security, privacy management and related activities
  • Some manual handling may occasionally be required
  • May be required to work on other Cubic sites and datacentres
  • Comply with Cubic’s values and adhere to all company policies and procedures. In particular, comply with the code of conduct, quality, security and occupational health, safety and environmental policies and procedures
  • In addition to the duties and responsibilities listed, the job holder is required to perform other duties assigned by their manager from time-to-time, as may be reasonably required of them

Minimum Job Requirements:
Qualifications

Essential:

  • University degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) or equivalent education/experience

Desirable:

  • A university master's-level degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) or equivalent education/experience
  • Certification as an Information Security professional (e.g. ISACA CISA/ CRISC, ISC2 CISSP, BCS CISMP/IISP)
  • Information privacy/ data protection industry certifications – CIPP/E + CIPM
  • Payment Card Industry Security Standards Council certification (ISA/ QSA)
  • ITIL v3/ Prince2 foundation level certifications
  • IT infrastructure/ networking vendors’ certifications

Skills/Experience/Knowledge

Essential:

  • Demonstrable strong experience in audit and compliance management
  • Thorough understanding and application of information security audit methodologies
  • Experience in operating and auditing an ISO 27001 compliant ISMS
  • Experience in administering and auditing continued compliance to maintain PCI-DSS certifications
  • A thorough knowledge of information security technologies and methodologies
  • Experience in change and security risk management
  • Stakeholder management experience e.g. leading consultations/ workshops and presentational skills
  • Demonstrable experience of maintaining security policy, process, guidance, procedure and awareness artefacts under supervision.

Desirable:

  • Experience of compliance programmes of wider security, audit, risk and compliance standards e.g. PCI-P2PE, PCI-POI-PTS, ISO 22301, ISO 27005, ISO 31000, NIST security and risk frameworks, legislation such as GDPR (highly desirable)
  • Experience using information security governance, risk and compliance and IT service management tools
  • Experience using vulnerability management and security operations tools
  • Experience of transactional revenue, embedded, smartcards and mobile/ open payment systems/ EMVCo
  • Experience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402
  • SOX compliance knowledge/understanding

Personal Qualities

  • Able to work effectively and uphold professional standards and confidentiality with internal and external stakeholders at all levels
  • Able to travel globally at reasonable notice and be based internationally for assignments for several weeks’ duration
  • Superior verbal and written communications skills
  • Ability to understand corporate objectives to implement them as business unit policy
  • Self-motivated, able to work on own initiative
  • Strong customer service skills

The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.

LI-Hybrid

Worker Type:
Employee


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Systems Administration

Graduate

Proficient

1

Dublin, County Dublin, Ireland