Business Information Security Officer
Category:IT & Computer Science jobs
City:Limassol
Columbia Shipmanagement LTD
Maritime & Shipping
The Columbia Group is a leading player in the maritime industry, dedicated to ensuring the highest standards of safety, security, and efficiency in our operations. We are seeking a forward thinking and experienced business information security manager (BISO) to enrich our team and help safeguard and innovate our maritime value chain against cyber threats. You will be playing a pivotal role within the cyber security domain within the COLUMBIA group IT team covering various business models and IT architecture design blueprints across the maritime value chain covering ship, shore and cloud workloads by building bridges between operations and the cyber security operations.
Job Summary:
The BISO will be responsible for developing, implementing, and maintaining a comprehensive cybersecurity strategy to protect the company’s information assets, systems, and maritime operations along the business strategy and goals. This role requires a deep understanding of both cybersecurity principles and the unique challenges faced by the maritime value chain. The BISO will work closely with various departments, including IT, operations, compliance, and legal, to ensure a comprehensive cyber security strategy and its execution.
Key Responsibilities:
-
Cybersecurity Strategy & Governance:
-
Develop a risk governance framework to assist the organization to conduct regular risk assessments to identify and address vulnerabilities in maritime systems across the value chain. Ensure monitoring of the risk assessment conduct and provide review and consulting to the organization.
-
Ensure compliance with international, industry-specific and client related cybersecurity regulations and standards, including IMO guidelines.
-
Conduct risk assessments and vulnerability analyses to identify potential threats and vulnerabilities onboard and ashore. Ensure a consistent process and follow up.
-
Assist the organization in adapting ISO 27001 and NIS standards and best practices and lead the adaptation of the cyber security ISO manuals.
-
Lead cyber security assessment of the COLUMBIA supply chain
-
Lead various client engagements with clients of the COLUMBIA group
-
-
Incident Response & Management:
-
Develop and maintain an incident response plan, including protocols for detecting, responding to, and recovering from cybersecurity incidents.
-
Lead the response to cybersecurity incidents (IRT team), including data breaches, malware infections, and system disruptions.
-
Coordinate with internal and external stakeholders during and after incidents to mitigate impacts and restore normal operations.
-
Consult and guide the organization on the business continuity plan development and improvement process.
-
-
Security Awareness & Training:
-
Develop and conduct cybersecurity awareness programs for employees, including training sessions and simulations.
-
Educate crew members and shore-based staff on cybersecurity best practices and company policies.
-
Design and execute workshops and drills ashore and onboard as train the trainer. Monitor the subsequent execution of workshops and drills.
-
Promote a culture of cybersecurity awareness within the organization and design/ front various campaigns along the strategy.
-
-
Technological Oversight:
-
Oversee the cyber security of the company’s IT infrastructure, including shipboard systems, communication networks, and shore-based systems and ensure alignment with the business objectives and strategy.
-
Monitor the implementation of security controls across the various domains.
-
Collaborate with IT and operations teams as well as supplier to ensure the security of maritime-specific technologies, such as navigation systems and cargo management systems.
-
-
Monitoring & Reporting:
-
Implement systems for continuous monitoring of security threats and vulnerabilities.
-
Regularly report to senior management on the status of the company’s cybersecurity posture, including incidents, risks, and mitigation efforts.
-
Evaluate and design SOC services across the value chain together with the various internal and external teams.
-
Coordinate 3rd part assessment and reviews on COLUMBIA infrastructure and develop mitigating measures.
-
-
Collaboration & Vendor Management:
-
Collaborate with other maritime companies, governmental bodies, and cybersecurity organizations to share intelligence and best practices.
-
Manage relationships with third-party vendors, ensuring they comply with the company’s cybersecurity standards.
-
Liaise closely with the DPO team on any personal information protection measures to ensure consistent governance.
-
-
Innovation & Continuous Improvement:
-
Stay updated on the latest cybersecurity trends, threats, and technologies.
-
Evaluate and recommend new technologies and practices to enhance the company’s cybersecurity capabilities.
-
Continuously improve cybersecurity practices and solutions specific to the maritime industry.
-
Engage in SecureEU and similar projects and adapt other industries best practices.
-
Qualifications:
-Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A master’s degree is preferred.
-Minimum of 5 years of experience in information security, with at least 2 years in a managerial role, preferably in the maritime or transportation industry.
-Relevant certifications such as CISSP, CISM, or CEH.
-Strong knowledge of maritime cybersecurity regulations, such as IMO guidelines and the ISPS Code.
-Proven experience in developing and implementing cybersecurity strategies and incident response plans.
-Excellent communication and leadership skills, with the ability to collaborate with cross-functional teams.
-Strong analytical and problem-solving abilities.
Benefits:
-
Competitive salary and discretionary bonus
-
Health insurance package
-
Provident fund
-
Professional development opportunities and career growth
-
Flexible working hours
To apply, please send your CV to careers@csmcy.com