
The global maritime industry continues to embrace information technology and operational technology in automating its processes. Increased digitalisation has brought about cyber vulnerabilities, opening the door for cyber-attacks. Cyber-attacks can have serious consequences for crews, ships, and cargos, including casualties, loss of control of ship and ship or cargo hijacking. This research paper examines and discusses the limitations of the current IMO framework. The paper calls for a comprehensive legal framework on cyber risk management through the strengthening of the ISM Code and potentially through creation of a Cyber Code.

 

Source: marsafelawjournal



Facing “very substantial threats against the maritime critical infrastructure every day,” the Coast Guard has operationalized cybersecurity and “made it part of our prevention and response framework to make sure that we’re getting after this threat at the speed and pace at which it demands,” USCG Assistant Commandant for Prevention Policy Rear Admiral John Mauger told the House Transportation and Infrastructure Committee during a hearing on cybersecurity last month.

The marine transportation system, or MTS, is an integrated network of 361 ports and 25,000 miles of waterways and supports one quarter of U.S. GDP and one in seven American jobs, and “any substantial disruption to marine transportation can cause cascading effects, to our economy and to our national security.”

“Cyberattacks are a significant threat to the maritime critical infrastructure, and while we must continue to work to prevent attacks, we must also be clear-eyed that attacks will occur, and we must ensure that the MTS is resilient,” Mauger said. “Protecting maritime critical infrastructure and ensuring resiliency is a shared responsibility.”

That has included establishing Coast Guard Cyber Command, with cyber forces that “are manned, trained, and equipped in accordance with joint DoD standards, but have a broad range of authorities to address complex issues, spanning national defense and homeland security, including protecting the MTS.” USCG stood up a maritime cyber readiness branch within Coast Guard Cyber Command “as a focal point for maritime threat monitoring, information sharing, and response coordination.”

“The Coast Guard’s approach to protecting the MTS leverages our proven prevention and response framework,” he said. “To prevent incidents, we leverage our authorities in the nation’s ports to set standards and conduct compliance. We refer to this as cyber risk management, and require accountability, assessments, mitigations, exercises, and incident reporting. To prepare for and respond to cyber incidents, Coast Guard sectors are leading field-level exercises with Area of Maritime Security committees, and have established unified commands with FBI and CISA to lead the federal response to cyberattacks in the ports.”

“Cyberattacks will increasingly have physical impacts, beyond computer networks. By incorporating cybersecurity into our prevention and response framework, we provide a comprehensive, all-hazards approach to this threat, but we cannot do this alone. As the co-sector risk management for transportation, we look to both TSA and CISA as key partners.”

Mauger stressed that cybersecurity is “a shared responsibility with the private sector” and “collaboration with the industry is paramount, and focused on information sharing and good governance.” USCG established the National Maritime Security Advisory Committee “to facilitate consultation with industry on standards development” and works with the International Maritime Organization to address the risks posed by foreign vessels. “We are committed to a transparent approach, as we balance the urgency of cyberthreats with informed rulemaking,” he added. “The cyberthreat is dynamic.”

Asked for an update to the Coast Guard’s efforts to improve its own IT systems, the assistant commandant noted that the USCG “approach to protecting the maritime transportation system relies on us having our own ability to defend and operate our networks.”

“Through investments in the CARES Act, with over $65 million in funding, we’ve been able to make significant investments to modernize our infrastructure, and push more information out to our mobile users out in the field, and our cutters underway,” Mauger said. “But all of this is premised, our security is premised, on it being an operational imperative. And so the key thing that’s really driven us forward is the establishment of Coast Guard Cyber Command as an operational command, under the purview of a two-star commander, that oversees our daily mission execution in the IT space. And then the coordination with our CIO, who is driving those investment and modernization projects forward.”

At the port level, Mauger said the Coast Guard is “really focused on working across the prevention and response framework to ensure that we have the ability to defend and then also respond resiliently from attacks.”

“This is a shared responsibility between the private sector and the federal agencies involved, and so we’re doing a number of different things,” he said. “First of all, we put in standards in place that require them to conduct assessments, have an accountable person, develop a plan, mitigate that plan, exercise it, and report incidents. All those pieces are really important. Through those assessments, we then have the opportunity to drive investments through the Port Security Grant Program, to update security posture in the ports. And so last year, $17 million was allocated from the Port Security Grant Program for Cybersecurity.”

“Which side is winning, the increased cyberthreats or increased digital-based safety operational enhancements?” asked Rep. Bob Gibbs (R-Ohio). “How are we doing in this fight, who’s winning?”

“Congressman, it’s not an either/or proposition for us, it’s really an all-of-the-above,” Mauger replied. “And so as the Assistant Commandant for Prevention Policy, we make sure that we bring together the best of our ability to secure private industry, but then be able to respond as well.”

“And so, leveraging our prevention and response framework, we’ve made sure that we’ve taken a multilayered approach to engaging with the industry, sharing information with them at the local level, through the Area Maritime Security Committees, and conducting compliance activities,” he added. “And then at the national level, engaging across the interagency with our National Maritime Security Advisory Committee, with the MTS ISAC, and then with other interagency partners, to make sure that we’re tied together, and providing a comprehensive network, and comprehensive approach to this problem.”

Mauger emphasized to lawmakers that “overall risk management approach, within both the private sector and the federal government” requires accountability.

“You have to have an accountable person; they have to be able to do an assessment and to understand the risks,” he said. “They have to be empowered to manage those risks. And then it also comes back to exercising and reporting. Where it comes to reporting right now, we have to change the paradigm from ‘what is the minimum I need to disclose’ to ‘how can I help protect others’… these incidents cut across so many different infrastructures, and reporting really helps us to make us all stronger.”

Asked how threats and risk-management assistance are communicated to individual ports and throughout the MTS, Mauger replied that “unity of effort within the Coast Guard is part of our DNA, and so we take a multi-level approach to share information at the speed of cyber here with the industry.”

“But this is a dynamic threat environment, and going forward we need to use a combination of both existing tools and new tools, or new methods, to get after the information sharing,” he added. “So for this multi-level approach at the local level, we work through our Area Maritime Security Committees; each of those have established cyber subcommittees that are responsible for that day-to-day sharing of information, for conducting the exercises, for reviewing best practices and understanding how to move forward. Those same people then are integral to response efforts when they occur in the ports. At the national level, we work through a number of different means. We’ve established a maritime cyber readiness branch within our Coast Guard Cyber that really becomes a focal point for threat information dissemination, technical assistance in the field, and connection to the interagency.”

“We’ve embedded folks in CISA, we meet regularly with the other Sector Risk Management Agencies. We engage with the MTS’s information sharing and analysis center. And we look for every opportunity to continue to share information and communicate threats, and understand the vulnerabilities in this industry, so we can protect the MTS.”

 

Source: hstoday



Cyber attacks targeting the marine sector, and critical infrastructure more broadly, are growing rapidly across the world and in Asia. As the maritime industry undergoes rapid digitalization, ransomware attacks continue to escalate. In fact, hackers are narrowing their focus on organizations in the sector, which are seen as tempting targets due to a perceived lack of cyber security investment and potential for significant operational disruption.

The marine industry being an attractive target for hackers is not new. Since Maersk suffered a devastating US$300 million ransomware attack in 2017, the maritime industry has earned the unfortunate distinction of being the only sector to have all four of the world’s largest shipping companies being hit by cyber attacks in the last four years, namely – Maersk, Mediterranean Shipping Company, CMA CGM and COSCO.

Source: nationalcybersecuritynews


As the industry strives for greater technological efficiency, new vulnerabilities emerge as a result of the growing integration of information and operational technology.

International and national regulatory organisations, as well as industry trade associations, take these threats seriously and call on ship owners and operators, charterers, ports, and other maritime businesses large and small to take action.

We offer technological and scientific expertise to assist you in safeguarding and advancing your critical interests. We are a trusted, independent advisor and security partner for clients who understand that cyber resilience can provide a competitive advantage in a highly regulated and crowded environment.

 

Source: hackersera



Maersk, MSC, IMO — there is no shortage of maritime security incidents and cyber attacks. As hackers become even more sophisticated in their tactics, it’s inevitable that maritime cyber attacks against OT on ships are becoming the norm rather than the exception. The stats speak for themselves:

Of respondents, 77% view maritime cyber-attacks as a high or medium risk to their organizations, yet only 64% said their organization has a business continuity plan in place to follow in the event of a cyber security incident. Only 24% claimed their security incidents plan was tested every three months, and only 15% said that it was tested every six to 12 months. Only 2 of 5 respondents said that their organization protects vessels from operational technology (OT) cyber threats, and some respondents went so far as to describe their company policy to OT cyber risk as “careless.”

It’s time for the maritime industry to take a look at every aspect of their ship operations to ensure they’re protected and resilient against these growing threats and attacks. Maritime security intelligence begins with a comprehensive understanding of the risks faced. Today’s maritime security incidents and cyber attacks will only grow with continued digitalization and future technological advances.

In this eBook, we will help you navigate the ins and outs of maritime cybersecurity, review security incidents and maritime cyber attacks, address cybersecurity challenges and compliance considerations, and get you geared up to establish your maritime cybersecurity action plan.

 

Source: missionsecure





Vibrant digital identity and cyber security backbones have been identified as critical factors to drive the emerging payment technology economy in Nigeria, experts have said.

This was the summation of discussions by stakeholders in Nigeria’s finance and identity sectors, at the just concluded Future of Payment Conference held in Lagos.

Speaking on the theme, ‘Fear and Fraud: Juggling Identity, Consent and Security in the Age of Instant Payment’, Co-founder/CEO, VerifyMe Nigeria, Esigie Aguele, said building a sustainable trust-based economy powered by a virile digital identity infrastructure will accelerate gains from the shift towards cashless and contactless payment options.

He said: “What we are seeing increasingly in the identity space is that having robust identity protocols not only enable, but also secure payment. For instance, Amazon, the global e-commerce giant, now requests for the National Identity Number (NIN) before importing goods to customers in Nigeria. So, they are using identity to process payments and we are expecting to see trends like facial recognition increasingly play a leading role in the new era of PayTech.

“The ecosystem is also expanding beyond individual identity to device identity verification. The whole concept of SIM swap is one of the areas that cause online fraud and big loss to FinTech and telcos across industry. VerifyMe is going to be at the critical layer of supporting FinTech companies to minimize fraud across PayTech transactions as well as minimize leakages from exposing data to people who shouldn’t have access to it.”

Director, Account Management, West Africa, MasterCard, Stanley Jacob, stressed the need for increased attention to digital identity given the accelerated shift from physical and traditional payment systems to contactless pay technologies.

According to him, “Insights from MasterCard’s New Payment Index Survey show a growing acceptance of the new payment platforms whether they be biometric, contactless, QR or virtual currency. Seven out of every 10 respondents said they are ready and happy to use contactless payment platforms; 73 per cent are willing to use digital wallets by 2022 and; between 2020 and 2021, about 1 billion additional MasterCard transactions were processed through contactless platforms.

“These indices point towards the proliferation of PayTech. Therefore, there needs to be a corresponding infrastructure to harness this opportunity and preserve the integrity of the transactions. This is where digital identity and cybersecurity will come into play.”

 

Source: guardian



China’s growing technological expertise along its digital silk road is expected to set benchmarks for the rest of the world to follow, according to analysts. President of China’s ambitious Belt and Road Initiative (BRI) started down the digital silk road long before the rest of the world began talking about connected smart cities and technology-driven solutions.

As China continues to expand its digital footprint in sectors as diverse as cloud computing, 5G, surveillance technology and virtual currency, observers see movement in some areas toward Chinese technological dominance.

China is already leading the world in Artificial Intelligence (AI), blockchain, 5G, and quantum technology publications and patents. Data fuels AI development and, thanks to its sprawling surveillance apparatus, China has access to immense amounts of it, so China seems well-positioned to emerge as a leader in this field.

China has already launched the biggest blockchain ecosystem in the world, connected to over 100 city nodes, and was the first country to launch widespread pilots of a digital fiat currency – the Digital Currency Electronic Payment (DCEP) system. Analysts agree that China has achieved enormous breakthroughs in some future technologies. Advancements in technologies allow China to more efficiently promote the progress of BRI, increase the bonding between China and BRI countries, and push BRI’s hard projects.

How technology will be incorporated into BRI projects will depend very much on the nature of the projects. This will differ among regions and countries.

– Research Associate, Lee Kuan Yew School of Public Policy, National University of Singapore

China’s world-leading fibre optic industry is already assisting BRI countries in transforming from traditional to renewable energy supplies. Many countries aligned with BRI are rich in solar energy resources, but lack the technologies and resources to construct renewable energy infrastructure. Through BRI, China can export advanced renewable energy technologies to BRI countries and Chinese fibre optic enterprises can enjoy local preferential policies, including tax incentives and preferential treatment for equipment imports.

In some infrastructure areas, such as high-speed railway, 5G networks, and ultra-high voltage power grids, China’s standards have become the international standards as everyone else plays catch-up. Therefore, through collaborating with Chinese enterprises, BRI partner countries can adopt the technologies that accord with the most advanced standards in their infrastructure projects.

China’s technological prowess gives it an edge to push BRI’s hard projects, such as renewable energy, transportation, infrastructure, power, and healthcare since in today’s technology-driven world, the digital realm is intimately intertwined with hard infrastructure.

Railways, ports, and electricity grids, for instance, would not be able to operate effectively today without software, sensors, and cybersecurity. China also provides a useful reference for BRI countries with its digital transformation and industrial digitalisation models. Most BRI countries are developing countries and have limited experience in dealing with digital technology but can benefit from China’s digitalisation experiences.

Given that the BRI is primarily a financing/investment mechanism, exporting technology adds a different dimension to the entire BRI assistance package. Most BRI projects have already been dependent on using Chinese equipment and labour, so any kind of tech advancement might just mean higher quality or more efficient projects.

Anything digital will tend to also require a larger investment amount, and the financial capacity of BRI recipient markets will come into question here as well, especially if these markets are prioritising developing adequate infrastructure to meet their domestic needs first. The best way for BRI partner countries to benefit from China’s technological prowess is to partner with Chinese operators.

While the West has focused too much on profits and not enough on cash flow business and service lines, China is developing technologies to hook their services into supply chains to generate cash flow streams. This business model is relatively more sustainable than the profit-oriented ones.

 

Source: opengovasia



Shipowners’ organisation Bimco has urged Nigeria to step up efforts to safeguard seafarers as more and more crew are kidnapped from vessels in the Gulf of Guinea. The plea from the Danish-headquartered body came as the Joint War Committee (JWC) of the Lloyd’s Market Association (LMA) redrew the listed extended risk area in the West Africa region.

Having covered only the exclusive economic zones (EEZs) of Togo, Benin and Nigeria north of latitude 3 degrees north since 2013, the update now includes areas further to the south and east between Lome in Togo and Cape Lopez in Gabon.

TradeWinds News spoke to Dryad Global’s team about the uptick in piracy incidents off West Africa as part of their research.

Analyst Munro Anderson, of security consultancy Dryad Global, told TradeWinds that some incidents are related to “criminal disputes and inter-syndicate activity. However, the evidence suggests this number is small,” he said.

“In addition, we see the increasing prevalence of incidents beyond the traditional heartlands of the Nigerian EEZ as being indicative of a growing trend of insecurity.”

Premiums also increasing

Chris Goddard, CEO, founder and underwriter of marine war risks at Vessel Protect, said additional premiums have increased in 2020 due to a proliferation of piracy in West Africa in both the marine war and kidnap and ransom market.

“The expansion of the Gulf of Guinea notification area is in direct response to the broadening of sustained attacks in the region which began increasing in 2019. The JWC’s decision will increase costs for shipowners operating in the region,” he added.

“However, those who widely adopt best management practice (BMP) and engage in risk mitigation measures such as transit risk assessments conducted by independent maritime security experts will continue to see preferable insurance terms over their peers.”

 

Source: channel16.dryadglobal



This role has a work from home option and candidate must be able to attend meetings on site as requested.

The Cyber Security Development Operations & Orchestration manager is responsible for supporting critical cyber security functions by orchestrating and automating alerts and processes, engaging in the use case development process, and managing cyber security technologies. This position is highly technical and requires a solutions-oriented person with a “can do attitude”.

Our ideal candidate will have the following:

  • Experience administering security technology including: IDS/IPS and other network security tools, Anti-Virus / Anti-Malware, Endpoint intelligence tools, SIEM, Proxy, Forensic tools, DNS, Web Application Firewalls WAF, and Vulnerability Management tools.
  • Certifications such as Splunk “power user” or above, CCNA or above, MCSA (Azure Security Engineer associate, Microsoft 365 Certified Security Administrator Associate, or other Microsoft Certifications), Linux certifications, CEH, GCIH, Python certifications.
  • Ability to use programming languages such as Python, and PowerShell to automate processes, build APIs and enrich Incident Response alerts.
  • Splunk skills including Dashboarding, Data Modeling, CIM compliance, and using SPL to write advanced searches.
  • Knowledge of operating systems (Windows and Linux)
  • Ability to provide cyber security support by planning, coordinating, integrating and synchronizing cyber defense and prevention activities, ensuring compliance with all applicable state and federal cyber laws and regulations
  • Ability to write reports to communicate Sutter Health’s risk profile impact to peers and management
  • Knowledge of cyber security solutions, policies and technologies
  • Knowledge of the lifecycle of a network threat and network vulnerability exploitation in a healthcare environment, including the anatomy of a cyber-attack
  • Ability to use Internet Technologies including DNS, routing, SMTP, HTTP, DHCP, FTP, etc.
  • Experience managing a highly technical team

Position Overview:
As a Cyber Security Manager, you will provide support and guidance to Sutter Health regions and affiliates to develop, implement, operate and manage the Cyber Security program and team. You will represent the Privacy & Information Security Department on project teams and initiatives and work with operations support teams to identify and recommend solutions on security-related issues. You will use your exceptional leadership skills to provide oversight over a broad range of security duties that require a high level of technical understanding. Additionally, you will be accountable to:

 

  • Manage the Cyber Security team and ensure Sutter Health is in compliance with information security and privacy laws
  • Oversee design, engineering, analysis, research, testing and monitoring
  • Assist in the development, implementation, and maintenance of Cyber Security solutions
  • Conduct investigations of potential or actual cyber security events, and document and communicate the risks to executive leadership
  • Collaborate with Privacy & Information Security staff regarding the development and maintenance of Sutter Health’s Cyber Security program and policies
  • Serve as Cyber Security Manager and advisor to the Chief Privacy & Information Security Officer, the Executive Director of Cyber Security & Investigations and Sutter Health affiliates

You will work with all levels of staff and leadership and therefore must be able to interact effectively with broad and diverse groups. You should be well organized and be able to prioritize assigned work and convey complex technical topics into language and diagrams understandable to a wide audience.

Qualifications:
  • Bachelor’s Degree in Computer Science, Information Science or related field or equivalent education/experience
  • Certified Information Systems Security Professional (CISSP) required within 4 months of date of hire
  • 10 or more years of experience as an IT Security professional with progressively responsible management duties in security solutions and compliance reporting
  • Proven technical background in systems and network security
  • Extensive experience with security software, incident response, disaster recovery, firewalls, and network monitoring
  • Proven experience managing and tracking large scale projects and coordinating/planning resource allocations while tracking commitments to ensure on-time delivery
  • Demonstrated professional experience working with PCI, SOX and HIPAA compliance regulations and applying them to security monitoring and alerting practices
  • Proven experience working with STIX/TAXII based Threat Monitoring and Intelligence integration with SIEM solutions
  • Significant experience engineering High Availability infrastructure solution designs

Preferred Qualifications:
  • Healthcare information technology industry experience

 

Source: ziprecruiter