Rail OT Cybersecurity Team Leader

{{ flashMessage.message }}

JOB DESCRIPTION / ROLE

Employment: Full Time

Rail OT Cybersecurity Team Leader - Success Profile

Reporting to: Rail OT Cyber security Manager

Division/Function: Transport / Dubai Metro

Base Location: Engineering and Maintenance

Key Purpose

The purpose of this Rail OT Cyber security Team Leader position is to:

- Perform Team leader level responsibilities for the Cyber Security and Rail Systems Team (CSRST) covering all of Engineering (ATC, Combs, AFC, MEPs, RSK, TRK & Cavils, Depot)
- Run an on-call system to be point of contact outside of the 24/7 running of the network
- Participate actively to the 5 main cyber security functions: Identify, Protect, Detect, Respond and Recover
- Supervise and lead a team to deliver its core objectives, but not limited to:
- Cyber security Preventative and Corrective Maintenance of Rail OT machines
- System wide back up of Rail OT machines
- Upgrade of the virus definitions of Rail OT machines
- Log and report on the Cyber security posture and conditioning of Rail OT machines
- Support the leadership to ensure that the identified controls as per the approved security baseline are maintained at all times
- Responsible for working in a 24x7 Cyber security Operation Centre (CSOC) environment
- Provide analysis and trending of security log data from a large number of heterogeneous security devices
- Investigate, document, and report on information security issues and emerging trends
- Provide Incident Response (IR) support when analysis confirms actionable cyber-incident
- Provide threat and vulnerability analysis as well as security advisory services
- Analyze and respond to previously undisclosed software and hardware vulnerabilities.

Structure and Reporting Relationship

This position as Rail OT Cyber security Team Leader will:

- Report to Rail OT Cyber security Manager
- Have to manage one or more Rail OT Cyber security Senior Technician(s).

Based on the specific requirement of the role

Key Accountabilities

- Lead a team of Rail OT Cybersecurity Senior Technicians to carry out all OT-related cybersecurity preventive maintenance (PM) and corrective maintenance (CM) activities and minor modifications on Rail OT Systems machines to include but limited to, servers, workstations, desktops and laptops. Some of these systems are installed along trackside, whilst others can be found in stations and still some others in depots
- Respond to Cyber Threats from the Cyber Security Operations Center (CSOC), NMOC or Maintenance Centre and control the impact
- Build robust processes to combat Human intervention
- Audit the Rail Systems to provide reports on IT/OT misuse under the guidance of Engineering department
- Competent in Cybersecurity threat Management
- Able to run full scenarios for system lock downs due to Cyber threat
- Building of, handling the change and implementation of new procedures
- Audits of all Rail Systems and its use within Engineering
- Act, contain and recommend actions from Cyber threats
- Follow the relevant procedures and work instructions to ensure compliance with the required requirements
- Ensure the maintenance tools & equipment are in good condition
- Assist subordinates with the job familiarization
- Conduct performance reviews and competency assessment for Rail OT Cybersecurity Senior Technicians
- Assist and support in conducting disciplinary and grievance meetings for Rail OT Cybersecurity Senior Technicians
- Produce and maintain accurate maintenance records of Rail Systems machines, equipment performance, work accomplished and other information using a computerized maintenance management system
- Assist the Engineering Systems and/or other technical support staff to implement complex systems or new projects
- Drive work vehicles when responding to emergencies and when required on duty
- Perform shift and emergency duties when required
- Perform and carry out duties as instructed/ directed by the Rail OT Cybersecurity Manager or/and Senior Management.

SAE Responsibilities and Information Security Responsibilities

- Awareness of the Integrated Management System and the content of the Health, Safety, Quality & Environment and Information Security Policy Statements
- Understanding of personal responsibilities and contribution to achieving compliance with the Integrated Management System requirements, (including but not limited to competence to perform safety critical roles, legal requirements, control measures arisen from environmental impacts and aspects, job safety analysis and information security risk assessment) and the potential consequences of departure from the arrangements in place to deliver the commitments stated in the policies statements above
- To exercise a personal duty of care for their own health, safety and welfare and for those affected by their acts or omissions
- To use safety equipment (including PPE) as required and intended and observe that this is also enforced among subcontractors and third parties working in Serco's controlled premises/systems
- Promote a good HSQE and Information Security culture among their peers, subcontractors and third parties
- Lead by example and look at ways to conserve energy, water and resources and minimize the generation of waste through personal performance and raise recommendations on how to improve existing processes on this regard within/outside their departments through their Line Manager, Departmental Safety Meetings and any other appropriate available channels
- Protect information assets and data including both electronic and paper based from all threats whether internal, external, deliberate or accidental
- Promote a good HSQE and Information Security culture among their peers, subcontractors and third parties.

REQUIREMENTS

Essential Technical and Professional Skills, Knowledge and Qualifications

Knowledge

- Vocational trade certificate or diploma in Information Technology discipline or equivalent
- Working knowledge in maintaining Rail OT Systems machines (servers, workstations, desktops and laptops) and installing third party software would be an advantage
- Strong technical knowledge in Operational technology, Industrial controls systems and Cybersecurity
- Knowledge in database tables (SQL Server, Oracle or MySQL).

Skills

- Must have good eyesight and normal color vision
- Ability to compile simple technical reports, routine business correspondence, prepare method statements and drawings as required
- Possess good communication skills and the ability to manage multiple tasks efficiently and work productively in a fast-paced, team-oriented environment
- Strong organizational skills, detail oriented, and the ability to handle multiple priorities
- Hold a valid UAE driving license with good driving skill and experience
- Keen interest in IT and OT and its related discipline
- Good Cybersecurity incident handling skills.

Experience

- Minimum 3-year work experience as a computer/systems/cybersecurity technician in Rail OT environment (ICS, SCADA and operations control systems)
- Preferably with 1 year of supervisory experience in supervising a team of computer technicians to carry out the OT-related activities.

Additional/Special Features of the Role

- Ensure compliance with the Serco Management System and all relevant business processes, procedures and work instructions to deliver all work with appropriate quality and governance standards
- Act as part of the Cybersecurity and Rail Systems Team and conduct tasks during the various stages of project management, procurement and FAT/SAT testing as instructed
- Perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intention or inadvertent access or destruction
- Review log files for security products
- Support the Cybersecurity Incident Response activities, support the coordination with other departments to record and report cyber-incidents
- Ensure safety, availability and integrity of all data provided including reporting performance, finance and customer information reference Serco non-disclosure policy
- Documentation of procedures, processes, standards for all security documents
- Perform Cybersecurity Incident Response activities, coordinate with other departments to record and report incidents
- Conduct operating systems, application, and database vulnerability assessments (to include system configuration checks)
- Assist in security awareness activities
- Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
- Analyze audit security incident logs for individual or multiple networked devices for sensitive information, unauthorized processes and unauthorized network connections
- Perform security analysis and risk management assessments with guidance
- Maintains current knowledge of relevant technology as assigned
- Participates in special projects as required
- In charge of network device advanced configurations, installation and service support
- Participate actively to the Serco Dubai Metro Computer emergency response team activities?
- Provides advice, guidance and interpretation
- Ensures achievement of operational and day to day goals and plans for days ahead
- Fully responsible for supporting technician staff
- Decisions impacting own specific area, although made within an existing framework adapts own knowledge/experience to the situation
- Communicating with Control Centre Controllers
- Communicating with persons responsible for a Track Possession, Worksite or movements of rail vehicles within a Possession
- Establishing, supervising and removing a safe system of work to protect the safety of persons working on or near the track
- Must obtain qualification as Line-Person-In-Charge.

Serco is committed to Equal Employment Opportunities and is committed to ensuring the safety of all of its employees through its Zero Harm initiative

ABOUT THE COMPANY

Serco is a FTSE 250 international service company which combines commercial know-how with a deep public service ethos.

Serco customers are looking for expertise in managing their people, processes, technology and assets more effectively. We advise economic decision makers, design innovative solutions, integrate systems and - most of all - deliver quality services directly to the public.

Serco supplies to governments, government enterprise, agencies and companies who seek a trusted outsourcing partner with a solid track-record of service excellence. Serco people offer operational, logistical and technical expertise in the Transport, Justice and Immigration, Defence, Education and Healthcare industries as well as in the commercial sectors of Facilities Management.

Serco Middle East have been in the Region since 1947, starting out delivering Air Traffic Control Services in Bahrain; a service we are proudly still running today and have expanded to include many other Airports in the region.

We have expanded significantly since that time across the UAE, Saudi Arabia and Qatar. We have been supporting the RTA to operate the Dubai Metro since 2009, are preparing to launch the flagship Saudi Arabia Passenger Rail service from Riyadh to Qassim in 2016. We deliver Facility Management services to both Cleveland Clinic and Healthpoint Hospitals in Abu Dhabi, large-scale medical facilities in Saudi Arabia and a range of educational and commercial properties in the UAE. We also deliver postgraduate education to Officers in the Qatar Armed Forces through the Joaan Bin Jassim Joint Command and Staff College in Doha.

Focusing on our core values, and creating a positive environment for employees to thrive, we look forward to a bright future as we continue to grow with the region.

Advertise Here
INSTALL APP
×