Senior Risk Management Analyst

When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people’s lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Cubic Transportation Systems (CTS) is a global leader in intelligent transportation solutions, specializing in technologies that make public transit more efficient, accessible, and user-friendly.

As a member of the Cubic information security team, you will provide security compliance support for production transaction processing environments. You will evaluate the posture of security controls and operating environment to ensure compliance with organisation security policies and controls. You will plan and prepare the scope of IT compliance evaluation programs across the organisation, isolate potential risks or liabilities, and develop mitigation plans. You will partner with external auditors to coordinate and facilitate PCI-DSS, ISO 27001, etc. compliance/audit efforts.

Essential Job Duties and Responsibilities:

• Perform as the recognized Subject Matter Expert on Security Risk Assessment methodology, policy, strategy and processes.
• Facilitate all security audit operations, including scheduling, vendor coordination, program, and stakeholder coordination.
• Responsible for coordination with the Internal/External Auditors and Information Technology teams to successfully complete periodic audits.
• Lead the design and control reviews and assessments to support continuous compliance with security policies and standards.
• Manage security review processes for all solutions to ensure their design and implementation meets compliance requirements – including PCI-DSS, ISO 27001, SOC 1 & SOC 2 and other regional requirements.
• Document and actively communicate any areas where the solutions and processes are not fully compliant.
• Identify and report significant information security risks associated with applications, development, networking, data centres, Cloud and physical IT infrastructure, vendors and other third parties.
• Identify stakeholders in remediation of compliance gaps and actively escalate issues to them in a constructive manner.
• Work with system operators and security subject matter experts to communicate system compliance gaps and develop acceptable remediation plans.
• Capture compliance gaps and remediation plans in the OneTrust GRC system.
• Liaise with Cubic customers and Security Teams to build positive relationships and outcomes.
• Support efforts to educate Security Management and Security Team Members in compliant IT processes and controls.
• Prepare and maintain process and control documentation.
• Aid in the development of solutions to problems identified during audits and translate these solutions into practical recommendations.
• Follow up on recommendations and appraise corrective actions taken to improve deficient conditions.
• Review vendor contracts and SOC reports to evaluate the impact on the company’s controls.

General Duties and Responsibilities:

• Reliably demonstrate accountability for work assignments and proactive communications about issues and status.
• A strong history of proactively identifying effective solutions for challenges.
• Able to operate in a professional manner, even in tense or continuous settings.
• Comply with Cubic’s Quality Management System.
• Comply with Cubic's quality, health, safety, and security policies.
• Support the company's strategic objectives and collaborate across departments.

Skills/Experience/Knowledge:

• Essential: Strong written and oral communication skills in English, with capability to use Microsoft Office solutions.
• Ability to effectively and openly collaborate with team members, clients, IT management, staff, and business units in a cross-functional and matrixed IT organisation.
• Familiarity with PCI DSS 4, ISO 27001-2022, and/or SOC I/II requirements and audits.
• Expert level experience collaborating with stakeholders and solution providers in a cross-functional and matrixed IT organisation.
• Exhibits advanced wide-ranging experience, using in-depth professional knowledge, acumen, concepts and company objectives to develop, resolve complex models and procedures.
• Understands and works on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.

Qualifications:

• Essential: Experience in services or IT systems in a mission-critical setting.
• University degree in Computer Science, Engineering, or other technical fields, or Business Administration with relevant IT work experience.
• Experience working in IT security and/or Payment Card processing systems.

We are committed to creating an inclusive workplace and welcome applications from people of all backgrounds. We do not discriminate based on any protected characteristic under applicable law.