OverviewCubic Transportation Systems (CTS) is a global leader in intelligent transportation solutions, specializing in technologies that make public transit more efficient, accessible, and user-friendly.
A significant feature is providing Fare and Payment card services to government and municipal customers across the globe.Cubic Transportation Systems (CTS) is a global leader in intelligent transportation solutions, specializing in technologies that make public transit more efficient, accessible, and user-friendly.
A significant feature is providing Fare and Payment card services to government and municipal customers across the globe.Job Summary:As a member of the Cubic information security team, you will provide security compliance support for production transaction processing environments.
Evaluate the posture of security controls and operating environment to ensure compliance with organization security policies and controls.
Plan and prepare the scope of IT compliance evaluation programs across the organization and isolate potential risks or liabilities and develop mitigation plans.
Partner with external auditors to coordinate and facilitate PCI-DSS, ISO 27001, etc. compliance/audit efforts.
This position typically works under limited supervision and direction, and candidates will regularly exercise discretionary and substantial decision-making authority.ResponsibilitiesPerform as the recognized Subject Matter Expert on Security Risk Assessment methodology, policy, strategy and processes.Facilitate all security audit operations, including scheduling, vendor coordination, program, and stakeholder coordination.Coordinate with Internal/External Auditors and Information Technology teams to successfully complete periodic audits.
Schedule and conduct control walkthrough meetings and address follow-up procedures to ensure all stakeholders understand duties and responsibilities.Lead the design and control reviews and assessments to support continuous compliance with security policies and standards.Manage security review processes for all solutions to ensure their design and implementation meet compliance requirements – including: PCI-DSS, ISO 27001, SOC 1 & SOC 2 and other regional requirements like the Australian Essential 8 and NZ-ISM.
Document and actively communicate any areas where the solutions and processes are not fully compliant.Identify and report significant information security risks associated with applications, development, networking, data centers, Cloud and physical IT infrastructure, vendors and other third parties.Identify stakeholders in remediation of compliance gaps and actively escalate issues to them in a constructive manner that helps them understand the actions required.
Work to gain acceptance of responsibility and track progress towards remediation.
Actively manage escalation as needed if solutions are not resolved in a timely manner.Work with system operators and security subject matter experts to communicate system compliance gaps and develop acceptable remediation plans.Capture compliance gaps and remediation plans in the OneTrust GRC system.
Plan, review, and perform (as needed) controls monitoring around complex customer facing systems using OneTrust.Liaise with Cubic customers and Security Teams to build positive relationships and outcomes.Support efforts to educate Security Management and Security Team Members in compliant IT processes and controls.
Prepare and maintain process and control documentation.Aid in the development of solutions to problems identified during audits and translate these solutions into practical recommendations.
Partner with Operations and Engineering Teams to ensure timely and acceptable remediation of issues.Follow up on recommendations and appraise corrective actions taken to improve deficient conditions.
To the greatest extent possible, ensure all Corporate Standards, SDLC, Change Management, and risk governance protocols are followed.Review vendor contracts and SOC reports to evaluate the impact on the company's controls.
Coordinate with third party vendors where appropriate.General Duties and ResponsibilitiesReliably demonstrate accountability for work assignments and proactive communications about issues and status.
A strong history of proactively identifying effective solutions for challenges.Able to reliably demonstrate ethical behavior and accurate communications even when complex factors are involved.Able to operate in a professional manner, even in tense or continuous settings.Comply with Cubic's Quality Management System.Comply with Cubic's quality, health, safety, and security policies.Support the company's strategic objectives and collaborate across departments.Comply with Cubic Human Resources Procedures.Skills/Experience/KnowledgeEssential:Strong written and oral communication skills in English, with capability to use Microsoft Office solutions.
Ability to effectively and openly collaborate with team members, clients, IT management, staff, and business units in a cross functional and matrixed IT organization.Comfortable working with staff at all levels and in other geographical locations within the organization.Familiarity with PCI DSS 4, ISO 27001-2022, and/or SOC I/II requirements and audits.Expert level experience collaborating with stakeholders and solution providers in a cross functional and matrixed IT organization.
Ability to adapt style efforts to persuade in delivering messages that relate to the wider business.
Often called on to advise others on complex matters and may be accountable through team for delivery of business targets.Exhibits advanced wide-ranging experience, using in-depth professional knowledge, acumen, concepts and company objectives to develop, resolve complex models and procedures.
Provides solutions to issues in creative and effective ways.
Understands the interrelationships of different disciplines.
Directs the application of existing principles and guides development of new policies and ideas.Understands and works on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
Determines methods and procedures on new assignments.
Exercises judgment in selecting methods, evaluating, adapting complex techniques and evaluation criteria for obtaining results.Desirable:Deep understanding of security risks and threats as they relate to the company's operating environments.QualificationsEssential:Minimum 8 years' experience in services or IT systems in a mission critical setting.University degree in Computer Science, Engineering, or other technical fields, or Business Administration with relevant IT work experience.At least 5 years' experience working in IT security and/or Payment Card processing systems.
Strong understanding of technical concepts, as well as demonstrated ability to understand complex internally developed systems.The candidate must reside within commuting distance from CTS offices in Brisbane QLD, Sydney NSW or Wellington NZ, and be able to periodically travel within the region.DesirableRelevant security or IT compliance certification in one or more areas, such as CISA, CRISC, CCSK, CCISSP, GIAC, PCI-ISA/QSA or equivalent.Knowledge of or willingness to learn information security best practices as it pertains to Open Payments, Mobility as a Service, data classifications, Microsoft Azure, AWS (or similar) cloud security and infrastructure, Web infrastructure security (Applications and APIs), Network security tools (IDS/IPS, firewalls, etc.), Encryption technology and implementation, Database security, Operating system security and hardening, vulnerability assessment tools and writing risk mitigation plans according to the assessment, and SIEM and FIM solutions.Condition of EmploymentSuccessful outcome of a National Police Check.The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements.
Duties, responsibilities and requirements may change over time and according to business need.
#LI-DM1Worker Type: Employee
#J-18808-Ljbffr