- July 16, 2024
- Posted by: saul.marong@gentrianlimited.com
SENIOR LEGAL COUNSEL (ENGINEERING) - AEROSPACE AND DEFENSE:
Bullisher is a data-centric fintech solution provider in the aerospace and defense industry for institutional-level investors, looking to disrupt and revolutionise a $3 trillion industry. We spearhead an industry-leading Blackbox to facilitate and administer trade agreements pioneered by a vehicle, driven by our new-generation benchmark, delivering solutions through innovation with uncompromising agility. It predicts trends in aerospace and government defense entities and trends in political shifts, with the ability to influence and effect actual changes in government policies through innovation.
JOB DESCRIPTION:
The oversight requires a systematic way of mapping GRC (governance, risk, compliance, management and legal-engineering compliance) to ensure cybersecurity policies and processes are maintained effectively, avoiding duplication of effort and clarifying focus for shared IT and engineering resources.
Areas to cover will include - Corporate governance: Appropriate internal controls, processes and policies to meet GRC objectives; ensure engineering teams meet development velocity with legal's mandate to manage IP risk; ensure they don't inadvertently distribute code under a license that risks exposing sensitive IP. Get engineers on board during the tooling evaluation process, and verify and provide the artefacts.
Areas to cover will include - Risk: A team of three will create and implement policies from templates and interpret requirements, risk and structure approach to dashboard and demonstrate compliance status; define and document controls; document process and risk; identify and categorise risk. Physical inventory is to be managed and maintained: only authorised hardware should be permitted on our network, assets managed in the inventory shall be owned, and an accurate, up-to-date component inventory and configuration is to be contained in a centralized database with detection of unauthorised components. Report on risk containment, tooling UI, workflows for engineering developers, complex automation, access control effectiveness, disclosure and compliance certification. Our focus is mapping multiple requirements and standards: complex IT infrastructure and industrial systems, efficient delivery of the project, operations and risk management processes, tracking controls, data centre, applications, cabling, networks for large logical infrastructure, fixed infrastructure, data capture audits and implementation, cyber incident, cyber risk assessment, response and recovery.
The startup's needs should be expressed in some way as to what governance is required. (There will be sequences in areas where different teams are involved in how we plan, build, run and monitor our systems so that we get a feedback loop.) These systems will change: the company structure might change, our sourcing partners might change, connected industrials might change, standards might change, the NIST Cybersecurity Framework might change, and DoD requirements might change in conformity to controlled unclassified information (CUI) in accordance with requirements defined in NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The Cybersecurity Maturity Model Certification (CMMC) associated with CUI and information processing facilities shall be identified, and an inventory of controlled unclassified information shall be effectuated into policies and maintained. There will need to be constant re-evaluation and refreshing updates. There will be concepts of attributes in the systems; you will use those attributes when a particular process or standard is up for review, along with all the documentation, properties and queries, and produce reports for auditing purposes. For example: when an individual leaves the company, which policies, processes and procedures were they involved in, so we can update and amend them? Which policies and processes are due for amendment every quarter, so we can set up an auditing cycle on a database-driven model? Create a collegiate approach for multiple frameworks and adding complexity; impact changes in mapping techniques in GRC.
Areas to cover will include - Legal support: changes in firewalls, which rule sets are supporting which workflow tools, where we have to separate our data as part of our governance and compliance, encryption, documenting complex automation, network topology, systems mapping software, floor plan, data flows, rack, environment management, and systems services applications at a high level.
Areas to cover will include - Training & development: Create a supporting environment for a process mapping exercise for existing processes for standards and policies and engineering compliance, and define where policies and standards should apply. We are a startup enhancing the formation of the early stages of a product development project.
INTERVIEW PROCESS:
- STAGE 1: PRE-SCREENING (verification checks & DV security clearance)
- STAGE 2: INTERVIEW WITH THE CEO & GC
QUALIFICATION, REQUIREMENTS AND SKILLSET:
- 10 years of PQE in a similar position within the system engineering field / software & product counsel for SaaS / cloud lawyer / technology lawyer.
- A qualified lawyer in a relevant jurisdiction, with at least 10 years of post-qualification experience, either in-house or in private practice.