Cyber Security Lead
EDL
Location: Brisbane
Job Type: Full time
EDL owns and operates a global portfolio of power stations in Australia, North America and Europe. Our vision is to be the leading global producer of sustainable distributed energy. At EDL, we are playing a key role in the world’s transition from traditional energy sources to decarbonised solutions.
The Cyber Security Lead is responsible for managing the EDL cyber security portfolio across all sites globally, including, but not limited to, strategy and framework development and ownership, and governance and operation of the cyber security function across IT, OT, IoT and digital domains. This position is a hybrid role offering the ability to work from home 2 days per week.
Key Areas of Responsibility include:
- Develop a cyber security strategy that enables and facilitates the organisation’s business objectives and ensure senior stakeholder buy-in and mandate.
- Develop, implement and monitor a strategic, comprehensive digital risk management (DRM) program covering the IT, OT, IoT and digital domains.
- Work effectively with business units to facilitate digital risk assessment and risk management processes.
- Develop and enhance an up-to-date cyber security management framework based on NIST Cyber Security Framework and AESCSF.
- Provide regular reporting on the current status of the cyber security program to enterprise risk teams, senior business leaders and the board of directors.
- Manage and contain cyber security incidents and events.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Manage and coordinate the operational components of incident management and the day-to-day activities of threat and vulnerability management.
- Develop and oversee effective disaster recovery procedures and manage security projects.
Person Specification:
- Strong leadership skills and the ability to work effectively with business managers, IT and OT staff.
- Proven ability to build strong working relationships with various levels of stakeholders.
- Excellent verbal and written communication skills.
Qualifications and Experience:
- Minimum 5 years of experience in a cyber security role/similar role.
- Related tertiary education completed, current certifications such as CISSP, CISM, GIAC GRID or GCFA, or a combination of related qualifications and practical experience.
- Experience with cyber security frameworks such as NIST or AESCSF.
- Familiarity with GDPR, APP and PIPEDA.
- Proven deep knowledge in 3 or more of the following areas:
  - Proficiency in performing risk, business impact, control and vulnerability assessments and in defining treatment strategies.
  - Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  - Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
  - An understanding of operating systems internals and network protocols.
  - Familiarity with the principles of cryptography and cryptanalysis.
  - Experience in application technology security testing (white box, black box and code review).
  - Experience in system technology security testing (vulnerability scanning and penetration testing).
EDL is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer.