Risk Management Analyst, AUS

« Back to Jobs

Risk Management Analyst, AUS

Cubic Corporation | Sydney, AU

Posted a day ago

Apply Now

Description

Overview

Cubic Transportation Systems (CTS) is a global leader in intelligent transportation solutions, specializing in technologies that make public transit more efficient, accessible, and user-friendly. A significant feature is providing Fare and Payment card services to government and municipal customers across the globe.

Job Summary

As a member of the Cubic information security team, you will provide security compliance support for production transaction processing environments. Evaluate posture of security controls and operating environment to ensure compliance with organization security policies and controls. Plans and prepares the scope of IT compliance evaluation programs across the organization and isolates potential risks or liabilities and develop mitigation plans. Partners with external auditors to coordinate and facilitate PCI-DSS, ISO 27001, etc. compliance/audit efforts. This position typically works under limited supervision and direction. Candidates for this position will regularly exercise discretionary and substantial decision-making authority.

Responsibilities

  • Perform as the recognized Subject Matter Expert on Security Risk Assessment methodology, policy, strategy and processes.
  • Facilitate all security audit operations, including scheduling, vendor coordination, program, and stakeholder coordination.
  • Coordinate with Internal/External Auditors and IT teams to successfully complete periodic audits. Schedule and conduct control walk-through meetings and address follow-up procedures to ensure all stakeholders understand duties and responsibilities.
  • Lead the design and control reviews and assessments to support continuous compliance with security policies and standards.
  • Manage security review processes for all solutions to ensure their design and implementation meet compliance requirements including PCI-DSS, ISO 27001, SOC 1 & SOC 2 and other regional requirements (e.g., Australian Essential 8, NZ-ISM). Document and communicate any areas of non-compliance.
  • Identify and report significant information security risks across applications, development, networking, data centers, Cloud, IT infrastructure, vendors and third parties.
  • Identify stakeholders in remediation of compliance gaps and escalate issues to secure timely remediation. Manage escalation as needed for unresolved solutions.
  • Work with system operators and security SMEs to communicate compliance gaps and develop remediation plans.
  • Capture compliance gaps and remediation plans in the OneTrust GRC system. Plan, review, and perform controls monitoring around complex customer-facing systems using OneTrust.
  • Liaise with Cubic customers and Security Teams to build positive relationships and outcomes.
  • Educate Security Management and Team Members in compliant IT processes and controls. Prepare and maintain process and control documentation.
  • Aid in developing solutions to problems identified during audits and translate these into practical recommendations. Partner with Operations and Engineering to ensure timely remediation.
  • Follow up on recommendations and verify corrective actions to improve deficient conditions. Ensure adherence to Corporate Standards, SDLC, Change Management, and risk governance protocols where possible.
  • Review vendor contracts and SOC reports to evaluate the impact on the company’s controls. Coordinate with third-party vendors where appropriate.

General Duties and Responsibilities

  • Demonstrate accountability for work assignments and proactive communication about issues and status. Proactively identify effective solutions for challenges.
  • Operate ethically and communicate accurately even in complex situations.
  • Maintain professional conduct in tense or ongoing settings.
  • Comply with Cubic’s Quality Management System and policies (quality, health, safety, and security).
  • Support the company’s strategic objectives and collaborate across departments.
  • Comply with Cubic Human Resources Procedures.

Skills/Experience/Knowledge

Essential

  • Strong written and oral English communication; proficient in Microsoft Office; able to collaborate across IT, management, staff, and business units in a cross-functional organization.
  • Comfortable working with staff at all levels and in different locations.
  • Familiarity with PCI DSS 4, ISO , and/or SOC I/II requirements and audits.
  • Expert level experience collaborating with stakeholders and solution providers in a cross-functional organization; able to advise others on complex matters and contribute to delivery of business targets.
  • Extensive experience applying principles to develop policies and guide new ideas; able to resolve complex issues creatively and effectively.
  • Ability to analyze complex issues and determine methods and procedures for new assignments; exercises judgment in selecting methods and evaluating results.

Desirable

  • Deep understanding of security risks and threats relevant to the company’s operating environments.

Qualifications

Essential

  • Minimum 8 years’ experience in services or IT systems in a mission-critical setting.
  • University degree in Computer Science, Engineering, or related field; or Business Administration with relevant IT work experience.
  • At least 5 years’ experience in IT security and/or Payment Card processing systems with the ability to understand complex internal systems.
  • The candidate must reside within commuting distance from CTS offices in Brisbane, Sydney, or Wellington, and be able to travel within the region.

Desirable

  • Relevant security or IT compliance certifications (e.g., CISA, CRISC, CCSK, CISSP, GIAC, PCI-ISA/QSA or equivalent).
  • Knowledge of or willingness to learn information security best practices related to Open Payments, Mobility as a Service, data classifications, cloud security (Azure/AWS), web security, network security tools, encryption, database security, OS hardening, vulnerability assessment, SIEM and related risk mitigation practices.

Condition of Employment

Successful outcome of a National Police Check

The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.

Worker Type: Employee

#J-18808-Ljbffr