Reporting to the Head (Air Navigation Services Safety and Security), you are part of a team that is responsible for the cybersecurity aspects for the Air Navigation Services Group (ANS Group) in CAAS.
Your responsibilities include:
- Provide a complete and systematic overview to the Accountable Executive (AE) and CAAS management on existing ICT security risk for Air Navigation Services (ANS) systems and on the necessary security safeguards in compliance with Critical Infrastructure Information Policy (CIIP), IM8, and other relevant sector-wide cybersecurity policies
- Provide regular management reporting of current cybersecurity status and readiness of ANS systems
- Conduct internal cybersecurity oversight functions, to ensure that system owners of ANS CII and ICT systems perform cybersecurity audit adequately and in compliance with the regulatory requirements.
- Identify cyber threats and vulnerabilities in order to propose the corresponding risk mitigation
- Ensure that ANS Information System and Cybersecurity policies and procedures are adequate, relevant and updated
- Collaborate with internal and external stakeholders to regularly review and enhance the ANS Information System and Cybersecurity policies and procedures
- Keep abreast of Cybersecurity policies, code of practice and regulations to ensure effective internal cybersecurity oversight
- Provide ICT security awareness amongst the ANS group
- Trained in Cybersecurity, Information Security, Computer Science, Engineering (Computing/Telecommunications) or equivalent.
- At least 3 years of direct and relevant full-time cybersecurity work experience in policy formulation, incident response, management and compliance.
- An active professional certificate in Cybersecurity or Information Security from ISACA, (ISC)2 or equivalent will be an advantage.
- Strong domain knowledge of information security governance and risk management, controls, vulnerability assessment / penetration testing, compliance, business continuity, system architecture and design, legal, and industry IT/OT and cybersecurity best-practices
- Possession of critical thinking and communication skills is essential