Cybersecurity GRC Specialist

About Your Role

The Cybersecurity GRC Specialist will execute cybersecurity activities with a focus on cyber governance, risk, and compliance, to achieve a full Secure by Design lifecycle for the customer, and support the security objective of system accreditation.

The main activities of the role:

Develop the Statement of Applicability (SOA) to contain the derived system security requirements and support each of the sub-system engineering streams to embed the Security functional requirements in their product selection, design work and testing activities.

Analyse the ISM, PSPF and all applicable policies and standards to identify all relevant Security Engineering requirements to be captured in the SOA and forms the basis of the System Requirements Specifications (SRS).

Work closely with the lead engineers in every subsystem, to provide security guidance and ensure system security requirements are being implemented as per the ISM intent, are addressed in each of their system designs and solutions.

Contribute to the System Security Plan (SSP) of the subsystems’ security design and solution and the functional security requirements.

Identification and assessment of the security risks, to be documented in the Security Risk Management Plan (SRMP) as well as proposing mitigation options to address them.

Contribute to test strategy and development of the detailed test procedures to achieve effective and re-usable testing methods for the verification of the security requirements for security accreditation.

Contribute to the preparation activities identified for the Security Engineering activities at each of the project reviews (SRR, IBR, CDR, C/DRR, IRD, ESV and SAT).

Support the development of security artefacts necessary to achieve the Security Accreditation of the system and support (Development and Test) system(s).

Support and contribute to the V&V testing activities across the range of subsystem engineering teams.

Facilitate the IRAP assessor engagement by assisting with the audit and review activities.

Engage and coordinate penetration testing activities, including the preparation of the activities, organisation of the facilities and system access.

Track and report remediation activities and effort.

Provide cybersecurity engineering support during the Operate and Maintain phase of the project, up to the system-of-system level.

Optimise processes and work activities, focusing on the efficiency of project execution (structure, roles, interfaces, artefacts, template, re-use. coordination).

Apply and tailor as appropriate the system and cyber engineering processes, practices and tools applicable to the project.

Identify and review security risks and issues, and propose effective solutions; execute agreed mitigation actions and report on outcomes or cost savings and residual risks.

How About You?

A tertiary qualification in Engineering, Computer Science, IT or other relevant qualification with a focus on cybersecurity, or can demonstrate a high level of competence through career experience and self-study

Demonstrated knowledge of the engineering life cycle, from concept design, requirements capture and management, system and subsystem design, system integration through to test strategies, acceptance and support phase.

Strong ability to turn complex issues into an appropriate level of detail in a methodological manner through the application of structure systems analysis and associated engineering processes and tools.

Experience working in multi-skilled engineering teams within a matrix environment.

Solid understanding of cybersecurity and its application in the engineering of systems.

Strong appreciation and adherence to security engineering processes, and high-quality delivery.

Demonstrated ability to analyse and solve problems, working with a range of colleagues and stakeholders in a project context.

Proficient knowledge and use of DOORS.

Advanced knowledge of ISM, PSPF and NIST standards

Good to Know

You’ll get an email acknowledgement after you’ve applied, Thales strives to provide a personalised experience for all suitable applicants.

Prior to offer you’ll complete a pre-employment police and medical check.

For more information on Thales visit us @ThalesCareers on Instagram