Applications for this job have closed.

Cyber Security Lead

EDL

Location: Brisbane

Job Type: Full time


EDL owns and operates a global portfolio of power stations in Australia, North America and Europe. Our vision is to be the leading global producer of sustainable distributed energy. At EDL, we are playing a key role in the world’s transition from traditional energy sources to decarbonised solutions.

The Cyber Security Lead is responsible for managing the EDL cyber security portfolio across all sites globally, including but not limited to strategy and framework development and ownership, governance and operation of the cyber security function, across IT, OT, IoT and digital domains. This position is a hybrid role offering the ability to work from home 2 days per week.

Key Areas of Responsibility include:

  • Develop a cyber security strategy that enables and facilitates the organisation’s business objectives and ensure senior stakeholder buy-in and mandate.
  • Develop, implement and monitor a strategic, comprehensive digital risk management (DRM) program covering the IT, OT, IoT and digital domains.
  • Work effectively with business units to facilitate digital risk assessment and risk management processes.
  • Develop and enhance an up-to-date cyber security management framework based on NIST Cyber Security Framework and AESCSF.
  • Provide regular reporting on the current status of the cyber security program to enterprise risk teams, senior business leaders and the board of directors.
  • Manage and contain cyber security incidents and events.
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
  • Manage and coordinate the operational components of incident management and the day-to-day activities of threat and vulnerability management.
  • Develop and oversee effective disaster recovery procedures and manage security projects.

Person Specification:

  • Strong leadership skills and the ability to work effectively with business managers, IT and OT staff.
  • Proven ability to build strong working relationships with various levels of stakeholders.
  • Excellent verbal and written communication skills.

Qualifications and Experience:

  • Minimum 5 years of experience in a cyber security role/similar role.
  • Related tertiary education completed, current certifications such as CISSP, CISM, GIAC GRID or GCFA or a combination of related qualifications and practical experience.
  • Experience with cyber security frameworks such as NIST or AESCSF.
  • Familiarity with GDPR, APP and PIPEDA.
  • Proven deep knowledge in 3 or more of the following areas:
  1. Proficiency in performing risk, business impact, control and vulnerability assessments and in defining treatment strategies.
  2. Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  3. Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
  4. An understanding of operating systems internals and network protocols.
  5. Familiarity with the principles of cryptography and cryptanalysis.
  6. Experience in application technology security testing (white box, black box and code review).
  7. Experience in system technology security testing (vulnerability, scanning and penetration testing).

EDL is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer.