Cyber Security Consultant

A career at Arup offers you the chance to make a positive difference in the world. Independently owned and independently minded, Arup is the creative force at the heart of many of the world’s most prominent projects in the built environment. We believe that flexible arrangements, such as hybrid working, create a more inclusive way of working that supports our diversity and the wellbeing of our people.

Dedicated to sustainable development, Arup is a collective of designers, consultants and experts working globally. Founded to be humane and excellent, we collaborate with our clients and partners using imagination, technology, and rigour to shape a better world.

Senior Cyber Security Consultant - Critical Infrastructure 

The role of a Cyber Security Consultant in the built environment is of paramount importance, especially when it comes to safeguarding critical infrastructure. Critical infrastructure refers to the essential systems and assets that are vital for the functioning of a society, including transportation networks, water and wastewater systems, power grids, communication networks, and more. These infrastructures are the backbone of our modern civilization, enabling the delivery of crucial services and ensuring the smooth operation of various sectors.

This role is to provide expert guidance and support in ensuring the security and protection of digital systems, infrastructure, and data within the built environment. This will be achieved by implementing robust security measures, raising awareness, and developing effective response plans, which will contribute to the resilience and security of our essential systems, protecting both the integrity of our critical infrastructure and the well-being of our society.

This role aims to promote inclusivity and equal opportunities. The specific requirements and accommodations may vary based on individual needs and organizational capabilities.

Your responsibilities

Conduct comprehensive risk assessments to identify potential cyber threats and vulnerabilities for critical infrastructure organisations.Develop and implement effective cyber security strategies and policies aligned with industry best practices and regulatory requirements for critical infrastructure organisations.Deliver effective oversight and assurance programmes to identify, manage and mitigate cyber risk for critical infrastructure organisations.Evaluate the security architecture of built environment projects to identify vulnerabilities and recommend appropriate controls for critical infrastructure organisations.Provide ongoing maintenance and support to ensure the effectiveness of implemented security measures for critical infrastructure organisations.Design and implement secure digital systems and networks, ensuring appropriate encryption, access controls, and monitoring mechanisms are in place for critical infrastructure organisations.Perform security reviews where relevant inputs are considered including, penetration testing and vulnerability assessments, to identify weaknesses and recommend remedial actions for critical infrastructure organisations.Evaluate business continuity and disaster recovery plans, ensuring the correct level of resilience is considered to support organizations in effectively responding to and recovering from cyber security incidents for critical infrastructure organisations.Manage project delivery, including people, task and commercial management.Stay updated with evolving cyber security regulations and standards relevant to the sector.Please don’t be discouraged if you don’t meet every point above – if you meet most, and are strongly motivated by the role, and willing to learn, we are still interested in hearing from you.

Essential Qualifications and Skills

Bachelor's degree in Computer Science, Information Security, or a related field

At least 5 years’ experience in cyber security. Experience must include working with or on behalf of a critical infrastructure entity. The candidate must also possess a deep understanding of operational technology (OT) systems and risks.

Strong understanding of cyber security principles, best practices, critical infrastructure legislation, and emerging trends in sectors supporting critical infrastructure.

Familiarity critical infrastructure (ICS\OT) industry practices and technologies

Proficiency in risk assessments, and understanding of vulnerability assessments, and penetration testing.

Ability to understand the implementation of secure networks, systems, and infrastructure including cloud technology.

Knowledge of relevant regulations and standards, such as NIST Cybersecurity Framework, ISO 27001, and IEC 62443.

Excellent problem-solving and analytical skills to identify vulnerabilities and recommend appropriate controls.

Effective communication skills to engage with stakeholders, and deliver technical reports.

Attention to detail and ability to focus on complex tasks.

Capacity to work independently and in a team environment.

Desired Qualifications and Skills

Ideal candidates will have security related certifications in one or more of the following: ISC2 (eg CISSP, CISM CCSP), ISACA certifications (eg. CISA, CRISC, CISM, CGEIT, COBIT), ISO27001, GDPRExperience undertaking ICS and operational technology assessmentsKnowledge of security technologies, including firewalls, intrusion detection systems, endpoint protection, and security information and event management (SIEM) solutions.Ability to think creatively and offer innovative solutions to security challenges.Strong organizational and time management skills.A working understanding of Data Protection (GDPR)Able to continuously improve project delivery documents and methodologies 

What to expect at Arup:

A multicultural and informal working environment where you can develop professionally by being part of a team who enjoy what they do.We believe that flexible arrangements, such as hybrid working, create a more inclusive way of working that supports our diversity and the wellbeing of our people.Opportunities for short or long assignments at Arup’s offices and projects anywhere in the world.Employees are eligible for the Global Profit Share scheme, which is dependent on the firm’s financial performance. Competitive performance-based salary growth.A strong corporate culture committed to its values: quality of work, holistic approach, humane organization, straight and honourable dealings, social usefulness and reasonable prosperity.Continuous training and professional development that will allow you to adapt to the growing needs of our clients as we embrace digital transformation.

---