- October 15, 2024
- Posted by: saul.marong@gentrianlimited.com
VICE PRESIDENT GOVERNANCE RISK & COMPLIANCE - AEROSPACE AND DEFENSE:
Bullisher is a data-centric fintech solution provider in the aerospace and defense industry for institutional-level investors, looking to disrupt and revolutionise a $3 trillion industry. We spearhead an industry-leading Blackbox to facilitate and administer trade agreements pioneered by a vehicle, driven by our new-generation benchmark, delivering solutions through innovation with uncompromising agility. It predicts trends in aerospace and government defense entities, predicts trends in political shifts, and has the ability to influence and effect actual changes in government policies through innovation.
JOB DESCRIPTION:
The oversight requires you to create an immersive simulation that leverages advanced problem-solving methods and complex cognitive tasks to deliver real-world global operations scenarios for performing GRC tasks in virtual reality, so that they can be practically applied to existing business practices. You will collaborate with leading-edge work in cognitive thinking systems, network topology, Systems of Systems Engineering, cybersecurity, space applications, electromagnetic spectrum operations applications and discipline-based best practices, and develop and deliver security programs for fast-paced innovation waves whose effects will be fast, hard to detect and harder to defend against: advanced robotics, cognitive thinking systems, intelligent network ecosystems, and complex automation with additional accelerators armed with human brain intelligence.

Areas to focus:
- Configure and manage networks, servers, optical ground station terminals, the data centre and critical infrastructure.
- Manage day-to-day IT & Engineering needs (system administration, help desk support).
- Monitor security tools and respond to alerts and incidents.

COMPLIANCE ACTIVITIES: Change management, certificate management, trust monitoring, update distribution, incident management, maintenance, vulnerability scanning, and implementing NIST SP 800-171 for internal systems. Establish a System Security Plan (SSP). The SSP needs to go through each NIST SP 800-171 control and describe how the control is implemented, monitored and enforced. It is the primary source of cybersecurity policies and should cover:
- Identifying systems, artifacts, procedures and plans.
- The firewall ruleset, with explanations of why each port/protocol/service is allowed.
- Roles and responsibilities and the related training requirements.
- "Define": if information or a value does not need to be known outside the IT & Engineering department, it can be defined inside the SSP.
- How requirements are inherited from other providers.
- "Tests" for requirements, to verify that controls are working.
- References to other SSPs relevant to the environment.

Deliver a highly energetic, engaging, interactive design that prepares people to be fit-for-purpose on their first day in their new role. Our approach is centred on human-first design guided by recognized science, responsive to the needs of a unique era: predicting, protecting and defending the intelligent ecosystem.

Areas to focus will include:

REGULATORY INFRASTRUCTURE - Regulatory and compliance frameworks complying with cybersecurity laws and regulations across jurisdictions (UKSA, ESA, EDRS, OFCOM, EMC, CMMC, ITAR & DoD), unified into an integrated framework using automation. Adhere to the highest principles of ethics, conduct and personal responsibility of trust. Bring to light new knowledge by investing in creative processes; represent and reflect governance, risk and compliance (GRC). Respect and value the richness inherent in differences to create an inclusive and equitable environment for all.

GOVERNANCE - Create programs and pathways for transition into cybersecurity, regulations, compliance and GRC, taking business needs and translating them into technical and security risk.

RISK MANAGEMENT - The goal of the project is to understand the lifecycle of risk and apply complex critical skills to the startup, its executives and its critical business processes: asset inventory, risk assessment, identifying threat actors, identity and access management audits, configuration management, identifying the highest risk to the applications, and then constructing an attack against the asset that exploits the specific vulnerability, leveraging a specific piece of malware. Map out a possible kill chain for the attack to identify the applications and the preventative and detective controls that would have prevented or detected the attack. In detecting and responding to these large innovation waves, speed and agility are the defining factors for the edge.

Areas to cover will include: security frameworks that are certifiable, i.e. that an outside organization can certify against, e.g. data privacy legislation including GDPR, PCI DSS, EMC, ITAR, EDRS and CMMC. Established by EO 13556, the Controlled Unclassified Information (CUI) program standardizes the way the executive branch handles unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, Federal regulations and Government-wide policies. Cybersecurity teams will be required to design protection and defense mechanisms for machine learning systems, to audit algorithms, to defend against attacks on these systems and to perform forensics. Establish and build an auditing framework based upon AIOps. Establish a process for analysing the data that is collected: how it was collected, the teams and the diversity of the teams involved in collecting it, whether there was bias in the system and, if there is, what mitigation to implement to mitigate the bias. Enforce security controls to defend this system.

INCIDENT RESPONSE - Establish incident reporting lines and disaster recovery plans in conformity with the requirements defined by DFARS 7012 (Defense Federal Acquisition Regulation Supplement). Areas to cover will include conducting annual incident response exercises.

ESTABLISH AN ADMINISTRATIVE LIFE CYCLE HIERARCHIC CRYPTOGRAPHIC KEY PROTOCOL: centralized group key management protocols, decentralized architectures, distributed key management protocols, cryptography-based access controls, intrusion detection and defense.

You will also define and implement best-practice information security policies and standards in conformity with ISO 27001 principles. We are a startup enhancing the formation of the early stages of a product development project.
ENVIRONMENT: This position will operate in the following area of the organization's regulatory engineering division:
MULTIDOMAIN DEFENCE DOCK: "Standard engineering lab environment"
Employees must be legally authorised to work in the UK. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.
QUALIFICATION, KEY REQUIREMENTS AND SKILLS SET:
- 20 years' experience in emergent technology.
- Experience in architecting, building and securing systems at scale, e.g. healthcare tech / advanced robotics / artificial intelligence systems, including their impact on diversity / electronic arts.
- In-depth knowledge of cybersecurity compliance standards such as ISO, SOC, EMC, NIST, CMMC, EDRS and ITAR.
- Certifications (ISACA, CISM, CRISC, CISA, ITCA) - professional simulation engineering certification.
- Certified Information Security Manager (CISM) is essential.
- Certified Authorization Professional (CAP)
- Information Systems Security Architecture Professional (ISSAP)
- GIAC Security Leadership Certificate (GSLC)
- Information Systems Security Engineering Professional (ISSEP)
- Information Assurance System Architecture and Engineering (IASAE)
- It is a prerequisite to hold one of the listed DoD 8570 certifications.
INTERVIEW PROCESS:
- STAGE 1: COGNITIVE ASSESSMENT SCREENING WITH A PSYCHOLOGIST OF 30+ YEARS' EXPERIENCE
- STAGE 2: PRE-SCREENING (verification checks & DV security clearance)
- STAGE 3: INTERVIEW WITH THE CEO, CTO & GC