Job Description
Business Unit: Cubic Transportation Systems
Company Details: When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people's lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners.
We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Cubic.com.
Job Details: The Head of Product Cybersecurity will be responsible for developing and executing a comprehensive cybersecurity strategy to protect the integrity, confidentiality, and availability of all systems, data, and processes involved in the production, processing, and distribution of Cubic solutions. This role will ensure that Cubic's solutions and payment systems are secure from cyber threats, comply with PCI standards, align with IEC 62443, where applicable, and adhere to payment agencies requirements. The Head of Product Cybersecurity will lead a team of cybersecurity professionals and work closely with other executives to align cybersecurity initiatives with business objectives.
Key Responsibilities: - Strategic Leadership:
- Develop, implement, and oversee a robust cybersecurity strategy tailored to the industry, IEC 62443, and payment systems Cubic produces.
- Align cybersecurity efforts with the company's overall business goals.
- Lead, manage and empower a team of cybersecurity professionals, fostering a culture of security awareness across the organization.
- Ability to influence key stakeholders by articulating strategy and getting buy in across the organization.
- Must be well organized, able to prioritize workload, handle multiple simultaneous tasks, and complete work under deadline pressures with the ability to shift course where needed and recalibrate quickly.
- Risk Management:
- Identify, assess, and mitigate cybersecurity risks specific to produce production, processing, distribution, and payment systems.
- Conduct regular risk assessments and security audits, addressing vulnerabilities, ensuring applicable standard compliance, and meeting payment agency standards.
- Incident Response and Management:
- Work with the CISO to establish a cybersecurity incident response plan for Cubic's solutions, ensuring quick and effective handling of any breaches or attacks.
- Oversee post-incident analysis and implement improvements to prevent future incidents, with a focus on maintaining compliance with PCI and payment agency's requirements.
- Subject Matter Expert:
- Extensive knowledge of cybersecurity principles, practices, and technologies, including experience with industrial control systems (ICS), operational technology (OT), PCI compliance, and payment processing security.
- Change Management:
- Able to demonstrate the capability to identify opportunities for change then lead/empower their team to execute the new path forward.
- Supply Chain and Payment Security:
- Collaborate with suppliers, partners, third-party vendors, and payment processors to enforce cybersecurity standards across the supply chain and payment systems.
- Implement measures to protect the integrity and security of the supply chain.
- Compliance and Regulatory Oversight:
- Ensure compliance with relevant cybersecurity regulations and standards, including PCI DSS, GDPR, CCPA, and industry-specific requirements.
- Stay updated on evolving cybersecurity laws and regulations, adjusting policies and practices accordingly.
- Prepare for and manage cybersecurity audits and inspections.
- Technology and Systems Security:
- Oversee the implementation and maintenance of security technologies, including firewalls, intrusion detection systems, encryption protocols, and payment processing security measures within Cubic's solutions.
- Ensure the security of industrial control systems (ICS), operational technology (OT), and payment systems involved in produce production and transactions.
- Monitor and protect against cyber threats targeting technology infrastructure and payment systems.
- Education and Awareness:
- Promote cybersecurity awareness and education across the organization, providing training and resources for employees at all levels.
- Collaborate with other departments to integrate cybersecurity best practices into daily operations, including payment processing and data handling.
- Strong understanding of regulatory requirements and industry standards, including PCI DSS and payment processing agency compliance.
- Collaboration and Communication:
- Work closely with other executives, such as the CDO and CTO, to integrate cybersecurity into all aspects of the business, with a focus on PCI and payment agency compliance.
- Communicate cybersecurity risks, incidents, and strategies to the board of directors and other key stakeholders.
- Build relationships with external partners, industry groups, and government agencies to stay informed about emerging threats and best practices.
- Strong problem-solving and decision-making skills, with a strategic mindset. Has the ability to convey complex cybersecurity concepts into digestible content for non-technical stakeholders.
Remote workers will be considered. Qualifications: - Education - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Master's degree preferred.
- Experience - Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role, preferably in the payment industry.
- Certifications - Relevant certifications such as CISSP, CISM, CISA, or PCI-related certifications are a plus.
Cubic Pay Range:
$160,000 - $220,000* + benefits.
*Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from our lowest geographic market up to our highest geographic market.
The Cubic pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
#LI-remote #LI-LT1
Worker Type: Employee Cubic
Job Tags
Daily paid, Shift work,