Cyber Security Engineer at hearX Group

Job Purpose:

Responsible for company-wide cybersecurity and related document, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and confidentiality by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the entity.

Minimum Requirements:

Education:

• Engineering degree, or Relevant Computer Science or IT Diploma/Degree (essential)
• CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Practitioner)  (desirable)
• ITIL Certified (desirable)

Skills and Knowledge:

• Documentation (both process documentation and records management) 
• Broad knowledge of hardware, networking, cybersecurity, vulnerability management, and cloud migration
• In-depth understanding of infrastructure and network architecture and design
• Working knowledge of Kubernetes implementation, support, and design
• Firewalls
• IDS/IPS
• Endpoint Security Solutions
• Access Control Systems
• System Engineering
• Incident detection and management

Experience:

• Minimum 5 years experience in Technology, Software, IT Infrastructure, and/or IT System Administration
• Minimum 3 years experience in Cybersecurity
• ISO 14971 (risk management) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)
• Security policies, security procedures, security design, and implementation
• Management of Windows and Mac environments
• Vendor & Supplier Management

Key Performance Areas, Weighs, and Objectives:

Cybersecurity Management:

• Liaise with internal and external stakeholders to prepare for SOC2 Type II. 
• Drive SOC2 audit strategy and readiness. 
• Annual management of the renewal process and ensuring on-time compliance
• Manage certification body relationships
• Negotiate with outsourced vendors and contractors for infrastructure-specific products and secure services, including SOC2 consultants
• Understanding of relevant cyber, information and cloud security related laws and regulations
• Monitor all cybersecurity operations and infrastructure
• Maintain all security tools and technology
• Monitor internal and external policy and regulatory compliance
• Schedule ASV scans and internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
• Schedule annual Penetration Tests with the external supplier(s) and ensure implementation of items identified in remediation plans
• Regular account auditing, and all other PCI DSS requirements that need to be met
• Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

Infrastructure Management:

• Plan, install, maintain, and upgrade IT systems and infrastructure focusing on cyber security.
• Design and execute short-  and long-term strategic plans to ensure infrastructure capacity attains current and future needs.
• Develop, execute and oversee procedures, policies, and related training plans for cybersecurity project management and infrastructure administration.
• Manage and establish priorities for maintenance, design, development, and analysis of entire infrastructure systems (inclusive of LANs, WANs, internet, security, and wireless implementations)
• Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
• Define and manage a Disaster Recovery Strategy for the organization.
• Define software and hardware standards in collaboration with stakeholders and owners.
• Ensure appropriate security levels on the network, infrastructure and servers are maintained.
• Implement cybersecurity continuous improvement programs
• Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame

Risk Management and Compliance:

• Collaborate with divisional Product Owners to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
• Remediate audit items by putting measures in place to prevent the reoccurrence of findings.
• Participate in various internal and external audits as required in relation to cybersecurity

Vendor Management:

• Meet with key suppliers on a regular basis.
• Ensure that escalations required take place.
• Comment on SLAs when they are being drawn up.
• Enforce SLAs with vendors and clients.
• Ensure that new requirements are managed with vendors, particularly when exploring potential solutions and obtaining costs from vendors.

QMS and Documentation:

• Document outcomes of Penetration Tests, Remediation Plans, and required activities. 
• Document outcomes of Vulnerability Scans, Remediation Plans, and required activities.
• Maintain cybersecurity documents and records in line with certification requirements
• Maintained document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. 
• Maintain documentation for cybersecurity-related risks.