Job Summary:
NAVBLUE, an Airbus Company, is currently seeking a Security Analyst to join our growing team. The role is responsible for maintaining and monitoring the NAVBLUE Information Security Management System. Ensuring that NAVBLUE processes and products comply with the NAVBLUE security standard by Leading security audits. Ensure that all NAVBLUE processes and products maintain compliance with ISO 27001 standard. They will propose amendments and improvements to existing Security structures and policies, based on changes in the industry and best practices. This includes supporting and implementing Security initiatives across the organization, helping to develop the organizationâs knowledge, support of the Security function, and ensuring that all procedures are detailed within the appropriate documents. Help the company identify flaws in their infrastructure and make decisions based on technical analysis. You protect digital assets from unauthorized access and mitigate risks before a data breach occurs
Responsibilities:
- Responsible for the definition and establishment and maintenance of security operating procedures for internal use within the team, consistent with company policies and standards.
- Define regulations and procedures in accordance with corporate Security Policies and support the local implementation in local IT projects.
- Provides security guidance and practice in server administration including desktop support in a hybrid Windows and Linux environment as well as virtualized environments.
- Proactively assesses potential items of risk and opportunities of vulnerability in the network
- Provide assistance and guidance on improving the NAVBLUE Information Security Management Program.
- Maintain Security OKR and KPIâsÂ
- Lead performance of Internal and 3rd party security audits.
- Attend product risk analyst meetings, providing input to assist the product owners with the analyst.
- Assist security operations team with daily tasks monitoring network activity
- Determine security requirements by evaluating business strategies and requirements.
- Contribute to the evaluation, recommendation and implementation of cloud security controls.
- Prepares security reports by collecting, analyzing, and summarizing data and trends.
- Acting as a liaison between IT, engineering, architecture, network, and cloud teams to ensure threat and vulnerability management requirements are implemented and understood
- Proactively finding opportunities to minimize cyber threats and enhance response capabilities
- Leading and delivering reporting and metrics including Key Risk Indicators (KRIâs) as required.
- Maintain documentation at a level that meets the audit requirements of AS9100 rev c. and ISO 27001/2Â
Education:
- Successful completion of an Academic degree in Computer Science, Information Technology or equivalent
Experience:Â
- 5+ years experience working with technical security strategies at a senior level or above
- Solid knowledge of other Information technology areas such as IT support, Networking, Software design
- Must be a reliable, responsible self-starter with a demonstrated ability to work independently and prioritize effectively.
Licensure/Certifications:
- Must hold one of the following certifications: CISSP, CSIA, CISM, ISO 27001 Lead Auditor, ISO 27005 Risk Management
- Microsoft associate certification, CCNA, CompTIA Network +, A + would be an asset.
Communication Skills:
- Communication skills appropriate for interfacing at all levels of the organization including senior management and technical staff including documentation (top level policies, technical standards, etc.)Â
- Must work effectively with others in a team environment
- Project management skills and highly organized, capable of delivering IT projects on-time and on-budgetÂ
- Ability to work in an international environment spanning different jurisdictions with potentially different impacts on security
Technical Systems Proficiency:
- Functional and technical security architecture concepts (hardening - network segmentation)
- Should have a sound working knowledge of cybersecurity, including intrusion prevention, incident response, and ethical hacking.
- Understanding of data governance and privacy legislations
- Understanding of security audit programs
- Understanding of advanced security protocols and standards
- Understanding of OWASP and software development practices
- Experience with software and security architectures
- Creating procedures for IT employees and training them in security awareness
- Knowledge of Windows, Linux OS, Virtualization operating system (troubleshooting, installation)
- Conducting vulnerability testing and risk analyses to assess security and performing internal and external security audits
- Administration of Windows Server in an Active Directory environmentÂ
- Experience with monitoring tools
- Knowledge in the areas of log management/SIEM, BCP/DRP, IAM, DLP, IDS/IPS, vulnerability scanning, etc.
