Security Officer (SO)
Contract Duration: 4 years
Single Point Of Contact with Customer
Responsibilities:
- Railway background / Railway industry experience
- Organising monthly security follow-up meetings with the Contracting Authority’s Security Officer.
- Reporting on specific security topics related to the delivery of the ERP Contract: the implementation of the ERP/FWC Security Plans, Risk Assessment, the ERP Security Implementation Plan and the identified risks / security aspects of various ERP projects will be discussed.
- Presenting the security dashboard with relevant KPIs, the follow-up on the security measures/requirements implementation plan, security incidents, the new vulnerabilities identified and the planning/results of the security tests;
- Being responsible for the implementation, periodic review and improvement of the FWC Security Plan and ISMS;
- Being responsible for the delivery, quality review and timely submission of the ERP security deliverables (for example: ERP Security Risk Assessment, ERP Security Plan, ERP Business Continuity Plan, ERP Retention Policy, ERP Security Implementation Plan and ERP Test Cases);
- Ensuring the consistency of all other ERP deliverables from a security point of view and ensuring the overall coordination of the work performed by additional security experts involved on ERP projects;
- Following security events and managing security incidents with due diligence;
- Escalating security concerns or non-compliance with the FWC/ERP Security Plan as appropriate among various stakeholders (the Contracting Authority, Sub-Contractors, entities within a Consortium, etc.);
- Developing and being a key stakeholder of the ERP BCP/DRP process in alignment with the Contracting Authority’s BCP/DRP strategy and framework;
- Writing or reviewing all security-related documents;
- Organising regular security awareness sessions for staff members of the ERP Contractor;
- Participating in the proposal, build and testing phases of any new project. During these phases, he/she will be in charge of evaluating the risk by performing a security risk assessment as part of the Security Model deliverable and proposing countermeasures when needed.