• Identify cybersecurity risks, including the likelihood and impact of those risks
• Develop a plan/strategy to mitigate cybersecurity risks
• Implement tools, solutions, and processes according to cybersecurity strategy
• Proactively monitor, analyze, and provide guidance on security vulnerabilities and support remediation of those vulnerabilities
• Research and stay abreast of and provide guidance on vulnerabilities and emerging threats
• Partner with incident response and/or managed detection and response providers
• Collaborate with IT Manager to ensure appropriate access levels to software/systems
• Conduct or supervise security training for employees and contractors
• Work with outside counsel to develop a plan for establishing UK GDPR compliance
• Modify existing processes and/or develop new processes to ensure ongoing compliance with CCPA and UK GDPR
• Conduct vulnerability and phishing campaigns on behalf of BlueNovo and its customers
• Audit policies and controls continuously so that BlueNovo remains at the forefront of all cybersecurity standards.
• Assist in the development of other areas of the practice such as SOC.

Skills: Risk Assessment, Strategy Development, Vulnerability Management, Threat Monitoring, Incident Coordination, Compliance Management, Security Awareness Training, Policy Auditing.

• Notifies the Group SOC of any security incident on perimeter
• Manages incidents as notified by the Group SOC, and coordinates the required analysis and remediation actions in relation to the Group SOC to reduce the impact when major security incident occurs
• Ensures the full coverage of SOC monitoring for new systems and applications
• Make sure security reviews are integrated into the project’s management process
• Ensures that security requirements for projects are defined (using the Group Security Configurator), follows up the project development and ensure the validation together with DIRS upon completion
• Advocate for cybersecurity in projects, and escalate to DIRS to ensure a proper risk arbitration with the business
• Defines and drives forward the policy for the Disaster Recovery Plan (DRP) in line with the business needs & the Business Continuity Plans (BCP)
• Coordinates compliance controls (technical & organizational)
• Manages audit remediation plans and promotes innovation

Skills: SOC Response, Incident Management, Monitoring Coverage, Security Reviews, Project Security, Risk Escalation, DRP Strategy, Compliance Oversight.

• Harmonize the definition of objectives and development roadmap for each Cybersecurity process and service 
• Address local Cybersecurity needs and identify local improvement areas through the implementation and management of projects, enhancing local Cybersecurity levels
• Ensure necessary resources are allocated for each Cybersecurity process and service at local level, and define and oversee the proper management of the proposed budget
• Collect local Cybersecurity requirements, their priority and their high-level feasibility, through well-maintained communication channels with local stakeholders, and share them with Group Cybersecurity Team
• Ensure Group Cybersecurity requirements are integrated into IT\Business\OT processes at local level
• Take a leading role in the change management process at the local level
• Evaluate and ensure compliance with local and technical requirements for acquired and developed Cybersecurity tools, policies and procedures
• Plan, implement, manage, monitor and upgrade security measures for the protection of the Company data, systems and networks
• Monitor local Cybersecurity threats and vulnerabilities, providing support in the constant evaluation of the Cyber Risk at local level, supporting also incident management for events with impact at local level
• Ensure the usage of the variety of technologies to handle the security problems and ensure effective troubleshooting

Skills: Process Roadmapping, Local Cyber Projects, Resource Allocation, Requirements Gathering, Compliance Integration, Change Leadership, Risk Evaluation, Threat Monitoring.

• Lead a team of cybersecurity engineers.
• Manage the cybersecurity posture of systems, which includes patching and ensuring the system is compliant with applicable DoD and USCYBERCOM policy.
• Lead accreditation activities and provide documentation, artifacts, and perform administrative accreditation activities.
• Develop processes including cybersecurity in the system design, implementation, testing, and monitoring process and develop solutions aligned with DoD and USCYBERCOM cybersecurity regulations.
• Collaborating with a team of specialists to deliver Cybersecurity & Digital Trust solutions 
• Identity and access management (IAM), security by design, security testing, digital forensics, threat intelligence research and monitoring, testing and automation of technology controls, third party risk assessments and privacy risk and compliance assessments.
• Leveraging skill set to delivery high quality outcomes to clients, through a combination of hands-on delivery and regular technical leadership and coaching to junior members of the team
• Leading and coaching team members, to foster an environment of continued growth and development within the team
• Working closely with Partners, Directors and staff to provide support, maintain communication and update on engagement process

Skills: Team Leadership, Security Compliance, Accreditation Management, Process Development, IAM & Security Design, Risk Assessments, Technical Coaching, Stakeholder Collaboration.

• Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed.
• Be able to review security contracts and work with the legal team for contract execution
• Lead and own the entire customer audit cycle from risk identification to remediation.
• Respond to security RFP’s and assessments.
• Familiarity with WCAG/ADA guidelines and assessment
• Be able to deliver security presentations to customers and upper management.
• Lead the management of security aspects of the information system and perform day-to-day security operations of the system.
• Evaluate security solutions to ensure they meet security requirements for processing classified information.
• Perform risk assessment, customer on-site audits & analysis to support certification and accreditation.
• Manages changes to the system and assesses the security impact of those changes.
• Prepares and reviews documentation to include System Security Plans, Risk Assessment Reports, Certification, and Accreditation packages.
• Work with the Security team and others in technology management to document priorities and structure project team activities to align with those priorities.

Skills: Security Operations, Contract Review, Audit Management, RFP Response, WCAG/ADA Compliance, Security Presentations, Risk Assessment, Documentation Management.

• Work with various stakeholders (business owners, biomedical engineering, and IT) to implement policies, standards, and best practices for healthcare infrastructure and medical device systems.
• Develop and/or customize policies, standards, and process documents to facilitate the implementation of healthcare cyber and IT policies and standards.
• Work with key stakeholders to ensure that compliance assessments of healthcare infrastructure and medical device systems is conducted according to policy requirements.
• Provide regular healthcare security and risk updates at various management forums
• Drive healthcare cybersecurity risk and governance program
• Evaluate applicable laws and regulations to determine impact on the organization’s activities and ensure compliance with regulations
• Acts as SME charged with developing and implementing policies designed to protect Healthcare data.
• Collaborate with the cyber security division to ensure alignment between security and privacy compliance programs including policies, practices, investigations, and acts as a liaison to the information systems department.
• In cooperation with the Privacy Office, ensures compliance with privacy policies and regulations
• Develop and implement standard and secure practices for health information exchange and electronic health records management.
• Drive the adoption of cloud and mobile technologies in healthcare
• Develop sustainable enterprise-scale data federation practices and frameworks
• Support the Digital Health Director in building and maintaining relationships and establishing working relationships with relevant internal and external stakeholders
• Support in inter-sectoral meetings providing and gathering input as it relates to strategy, planning, risks, etc.
• Prepare relevant progress reports to update relevant stakeholders on progress

Skills: Stakeholder Collaboration, Policy Development, Compliance Assessment, Risk Governance, Regulatory Evaluation, Healthcare Data Protection, Cybersecurity Alignment, Cloud Adoption

• Manage and lead a team of security engineers to conduct cybersecurity operations and incident response
• Act as the primary incident handler during an incident
• Working with internal stakeholders such as the network and system team for investigations and cybersecurity planning
• Analyse and correlate information security events to identify appropriate event-handling actions
• Evaluate the effectiveness of current incident response plan against industry good practices
• Evaluate response plans periodically to ensure relevance
• Rate and categorize potential security incidents
• Recommend suitable enhancements to improve information security performance
• Test incident response plans periodically to ensure response times and executed procedures are acceptable
• Assess operational and implementation costs, and evaluate them against the potential business impact if policies and controls are not implemented
• Keep abreast of new cybersecurity threats
• Design security training materials and organize training sessions for the other departments
• Collect and analyze data and assist in eliminating risk, performance, and capacity issues

Skills: Team Management, Incident Handling, Stakeholder Collaboration, Security Event Analysis, Incident Response Evaluation, Incident Categorization, Security Performance Enhancement, Training Development

• Operating independently to mitigate and manage cyber risk and implement appropriate security measures.
• Serving as staff lead for all cyber risk and security issues.
• Establishing policies and procedures related to cyber security and risk mitigation.
• Providing and tracking cyber security training for City employees.
• Ensuring City compliance with information security regulatory obligations.
• Preparing oral and written reports for senior management, the City Manager's Office, and elected officials.
• Facilitating participation in Cybersecurity awareness activities including, but not limited to, Cybersecurity Awareness Month.
• Offering expertise and providing leadership-level support for initiatives to improve City-wide cyber security.
• Manage network firewall rules and monitor logs/alerts for security events.
• Teaming with Senior System Analysts to build hardened server and client operating systems (OS).
• Performing penetration testing on external and internal infrastructure.
• Building effective partnerships with internal customers and external organizations to support security efforts.
• Formulating action plans with defined objectives, targets, and responsibilities to support agreed-upon goals and strategies.
• Supports the analysis of the onboard events and collaborates with the Corporate SOC team for their handling
• Local administration of the Cyber security services (Email/internet Gateway, Office365, Antivirus, IAM, MFA, etc.)

Skills: Cyber Risk Management, Cybersecurity Policy Development, Cybersecurity Training Facilitation, Regulatory Compliance, Report Preparation and Presentation, Cybersecurity Awareness Initiatives, Network Firewall Management, Penetration Testing.

• Identifying and explaining cyber risks within digital transformation initiatives, especially in the light of increasing supply chain cyber risk
• Shaping and delivering innovative cyber solutions by implementing people, governance, process or technological improvements
• Building long-term and trusted relationships with key senior stakeholders across the client organizations
• Leading high-profile security transformation programs that deliver step-change security improvements and help the clients safeguard their digital investments
• Engaging, coordinating, and managing global Deloitte teams, bridging cultural and language barriers, to optimally serve the international clients on complex engagements
• Manages the Cyber risk and reports to the cyber security steering committee and the DPA
• Ensures that information assets and OT are adequately protected, in compliance with the IMO guidelines, Cyber Security Risks management, and the Company SMS
• Plans, organizes, and direct the completion of specific Cyber Security projects
• Coordinates the Cyber Security team in the UK and the activities of the Security Travelling Specialist and IT / OT Specialist
• Manages the cyber requirements of the new buildings at a contract level and ensures their implementation interacting with the related vendors
• Works with business and onboard IT units to implement security practices that meet defined policies and standards for information security
• Develops, maintains, and publishes up-to-date local and onboard information security procedures aligned with the Corporate Cyber Security policies, standards, and guidelines
• Creates and manages information security awareness training programs for the Fleet
• Performs periodic vulnerability assessments and follows the remediations

Skills: Cyber Risk Identification, Innovative Cyber Solutions, Stakeholder Relationship Building, Security Transformation Leadership, Global Team Coordination, Cyber Risk Management, Information Security Compliance, Vulnerability Assessment.

• Working cross-functionally to develop strategies to identify, mitigate, and manage current and emerging cyber threats
• Provide constructive advice and challenges on the management of cyber risks throughout the organization
• Work closely with IT and other stakeholders to ensure a multi-layered approach to cyber security is adopted, ensuring the confidentiality, integrity, and availability of IT services
• Advising design, service, and operations teams on security requirements and implementation.
• Helping analyze and mitigate incidents raised to the information security team
• Providing SME support to other business functions
• Providing a Risk Management approach to ensure information security solutions and controls are commensurate to the business risks
• Create, develop, and maintain security policies and practices
• Perform solution cybersecurity security assessment, including Zones and Conduits architectures
• Identify the not acceptable risks for each component and/or sub-system
• Liaise with the platform and program team to define the most suitable solution reducing the risk to an acceptable value
• Specify the platform cybersecurity requirements and validate their implementation
• Perform technological watch and vulnerability analyses for program.
• Participate in the implementation of cybersecurity within Alstom processes
• Verify that all parts of the program organization, including subcontractors, perform their work according to the applicable security requirements, security rules, security guidelines, security information

Skills: Cyber Threat Management, Risk Assessment and Mitigation, Multi-Layered Cybersecurity Approach, Security Requirements Advising, Incident Analysis Support, Risk Management Strategy, Security Policy Development, Vulnerability Analysis and Reporting.

• Experience conducting Adversary Emulation assessments
• Experienced in incident response support
• Familiarity with Dark Web Monitoring of enterprise environments
• Familiarity with Threat Intelligence Platform deployments and optimization of those platforms
• Strong experience working with threat intelligence sharing communities
• Experience in a similar role in a large mission-critical environment
• In-depth understanding of adversary tools, tactics, and procedures
• Deep understanding of software vulnerabilities, and the proactive identification of vulnerability intelligence
• Deep understanding of computer network defense and associated tools
• Demonstrated expertise in threat modeling

Qualifications: BS in Cybersecurity with 5 years of Experience

• Experience in a cybersecurity role
• Demonstrated experience applying security and risk frameworks
• Experience designing cybersecurity programs for a cloud-first/SaaS-first environment 
• Experience in ecommerce/direct to consumer businesses 
• Skilled at evaluating and selecting appropriate cybersecurity tools
• Ability to take vague questions, problems, or goals and identify the specific action(s) needed to answer, solve, or reach them
• Experience mentoring, coaching, or managing others
• Problem solver with a sense of urgency
• Entrepreneurial mindset and ability to take ownership
• Excellent communication skills

Qualifications: BS in Information Technology with 4 years of Experience

• Demonstrated ownership of the offerings catalog (products and services) with responsibilities to drive sales and conceptualize and build new products and accelerators working with clients and partners
• Experience defining interfaces with internal and external engineering teams including firmware/software
• Skills and experience in cybersecurity, engineering, and telecommunications 
• Experience developing and driving trade studies, requirements definition, flow down, and validation, interface control documents
• Enterprise Architecture certifications such as TOGAF, Zachman, Open CA, or similar certifications.
• Strong management relationships at network and communication service providers, and cloud service providers, which will benefit go to market alliances with these vendors.
• Demonstrated experience in defining and deploying cybersecurity strategies and programs for large and complex organizations
• Proven track record in defining and implementing cyber risk management and governance models
• Strong experience in technology-based tools or methodologies to review, design and/or implement enterprise programs
• Lead a team of technical experts based at multiple locations

Qualifications: BS in Computer Science with 2 years of Experience

• Experience in development of automotive safety-related products.
• Solid background in at least one field (electronics, embedded software, or system control strategy) and a good awareness of the others. Strong software background
• Detailed knowledge and proven experience with ISO 26262, familiar with automotive development and quality process.
• Experience with system engineering approaches (requirements engineering management, functional analysis and allocation, architectural design, review, and testing).
• Experience with change, configuration, and problem resolution management.
• Solid knowledge of conducting safety analysis (D-FMEA, FTA, FMEDA, DFA, FFI).
• Knowledge of product development lifecycle and software development processes (e.g., IATF16949, A-SPICE, CMMI).
• Knowledge of Automotive Cyber Security
• Knowledge of vehicle architecture as well familiar with architecture best practices at functional and physical level, which can either be at vehicle or component level.
• Capable of describing and communicate test cases, test scenarios, procedures, and methods Knowledge about product development process ASPICE/CMMI.
• Familiar with the constraints of automotive environment

Qualifications: BS in Information Security with 3 years of Experience

• Working knowledge of Cloud Security Framework, General Data Protection Requirement (GDPR), COBIT 5, PCI DSS, ISO 27001/2, HIPAA, California Consumer Protection Act (CCPA), NIST 800-171/800-53/NIST 800-37 
• Background and understanding of the risks and controls in technologies such as web, cloud, client/server, open systems architecture, data warehousing, and imaging 
• Proficient understanding of Cloud security, Identity and Access Management, ERP, Operating Systems, Databases, and Network Infrastructure components
• Knowledge of risks and controls in emerging technologies based on Blockchain, Internet of Things (IoT), and Artificial Intelligence is a plus
• Experience managing simple and complex information technology internal audits
• Experience managing team of various sizes across geographical boundaries
• Exceptional oral and written communication skills
• Demonstrated ability to manage client engagements and supervise staff
• Deep knowledge of cybersecurity-related standards/frameworks: NIST, ISO 27001, CIS Critical Security Controls, etc.
• Demonstrated ability in leading teams and supervising workstreams in client engagements
• Knowledge of common cyber-attack methodologies and exploitation techniques

Qualifications: BS in Network Security with 6 years of Experience

• Previous military, law enforcement, or corporate experience
• Familiarity with a variety of security concepts, practices, and procedures.
• Up-to-date knowledge of security equipment and technologies.
• Demonstrated ability to facilitate customer meetings, negotiate, and influence outcomes.
• Strong program/project management and leadership skills to manage projects and meet deadlines while maintain high quality.
• Strong investigative skills and strong, clear, and concise report-writing skills.
• Good know-how of Windows-based tech stack
• Decent understanding of the current threat landscape including common attack types and malware capabilities
• Fluent in English both speaking and writing
• Precise, structured working style and ability to adapt quickly to different situations
• An open-minded personality who likes to work in a team and communicate with different stakeholders
• Relevant working experience, including partnering with both IT and business stakeholders

Qualifications: BS in Computer Science with 8 years of Experience

• Relevant tertiary qualification in Computer Science, Information Technology, Cyber Security or similar
• Industry certifications in ICT security
• Strong working knowledge of cyber security standards and frameworks including ASD Top 35
• Experience in incident management and response
• Experience analyzing threat data
• Knowledge of Information Security, Risk Management, and Controls
• Ability to provide opinion and direction clearly and concisely with regard the state of risk and the control environment.
• Strong technical skills, as well as communication and presentations skills
• Self-starter with the ability to deliver the audit plan.
• Able to work collaboratively with team members within audit and across the organization.
• Ability to assess risks, identify key controls, and document appropriate test plans to deliver on audit objectives.
• Excellent communication skills required with experience in engaging with Executive Management.
• Good Knowledge of core cyber controls and technologies and operational resilience frameworks and cloud technologies.

Qualifications: BS in Cybersecurity with 6 years of Experience

• Ability to manage multiple tasks, effectively communicate both internally and externally
• Proven ability to work with clients and third-party vendors
• Hold regular security reviews with customers (BBC, ITV, etc)
• To have a fine eye for detail, making sure SACS, BTSECS, audits, and policies/processes are correct
• Solution Focussed Achiever and a Collaborative Partner
• Inspiring Communicator Mandatory Skills
• Previous experience of working in security
• Proactive approach to dealing with security matters
• Understanding of Vulnerability management tools such as IDS, IPS and vulnerability scanner, etc.
• Knowledge of privacy regulations such as GDPR 
• Experience in writing information security reports
• Working Knowledge and experience or writing information security policies and procedures.
• Broad Knowledge of Risk framework standards
• Experience leading apprentices/grads

Qualifications: BS in Computer Engineering with 5 years of Experience

• Experience in IT infrastructure support, network administration, or site administration roles
• Proven ability in information security principles, latest industry awareness, and current knowledge
• Strong prior experience with Privileged Access Management solutions, least privileged access approaches
• Firm working knowledge of firewall technologies, creating rule sets, policies, and procedures
• Strong knowledge of TCPIP networking principles including subnetting, LAN, and WAN technologies
• Proficient knowledge of generating and administering web-based security certificates, international DNS records, and other security features necessary for Internet-facing systems
• Proficiency in native cloud security architecture and protocols
• Proficient knowledge of Microsoft Active Directory key security features including GPOs, ACLs
• Awareness of Microsoft operating systems including patching and vulnerability assessment, and knowledge of LinuxUNIX-based systems an advantage
• Proficiency in programming languages or PowerShell scripting welcomed
• Very good analytical skills, logical thinking, and diagramming capability
• Strong and confident interpersonal and customer service skills
• Ability to interface with personnel from various departments and levels, both technical and non-technical
• Excellent organizational skills 

Qualifications: BS in Computer Science with 4 years of Experience

• Demonstrated initiative, self-reliance, and proactive behavior to work independently, and achieve stated goals
• Knowledge of methodologies, frameworks, best practices, and international standards regarding Information Security, IT Risk & Security Assessment, Governance&Compliance, Data Privacy/Data Protection (i.e. ISO/IEC 27000, NIST, PCI DSS, GDPR)
• Knowledge of IT security technology solutions (i.e. SIEM, Identity & Access Governance, Data Security&Protection, IDS/IPS, Fraud Detection, Data Masking&Tokenization, PKI)
• Proven experience in implementation and management of Identity&Access Management systems
• Proven experience using vulnerability management tools and techniques
• Relevant qualifications such as CISSP, CISA, or CISM 
• Significant experience in conducting cybersecurity audits or auditing infrastructure that is Cloud-based.
• Knowledge in automotive network architectures, CAN communication, and cybersecurity.
• Experience with vehicle automotive testing and development.
• Experience in embedded control system design.
• Good technical problem-solving skills.
• Strong written and verbal communication skills.
• Basic Program management experience.
• Familiarity with AUTOSAR and knowledge of ISO/SAE 21434.

Qualifications: BS in Software Engineering with 5 years of Experience