Maritime Industry Security Specialist
Dartmouth - Nova Scotia (NS),
MARITIME INDUSTRY SECURITY SPECIALIST
Irving Shipbuilding, located at 3099 Barrington Street Halifax NS B3K 5M7 or 35 Mic Mac Blvd, Dartmouth NS B3A 2Y8, is part of the J.D. Irving Group of companies and is in the business of building quality ships and repairing vessels. The company's primary site is Halifax Shipyard, with three other locations in the Maritime Provinces. Irving Shipbuilding is currently working on a number of significant projects for the Department of National Defense and the Canadian Coast Guard. The company's commitment to health, safety and care for its employees and the environment is an integral part of its business.
This position, within the Canadian Surface Combatant (CSC) Program, will be responsible for executing technical responsibilities within the Security Assurance Team that is integral to the operations and support of the System Engineering Organization. The Maritime Industry Security Specialist may be assigned responsibility in one or more of the following technical disciplines:
- Risk Assessment: Conducting or reviewing risk assessments on organizations, facilities, or operations using common methodologies, such as the Harmonized Threat and Risk Assessment (HTRA) methodology. This will include the conduct of credible threat assessments, determination of asset values, and vulnerability assessments leading to a comparison against risk management targets.
- Security Control Design: The development of security control designs or plans (including C-class cost estimates) covering governance, administrative, physical, procedural and technical security controls. The security control design process is guided by sound security practices applied through structures including Security System Engineering (NIST 800-160), measurement and metrics (NIST 800-55), and the Cybersecurity Risk Management Frameworks (NIST 800-30/37).
- Technical Cost Estimating and Controls: Ensuring that technical costs are properly estimated, documented and reported, including cost estimates associated with Engineering Change Proposals and Requests for Variance from an established design baseline.
- Conduct of Inspections: Conducting the research, coordination, planning, and verification activities associated with verifying that CSC security requirements are being adhered to by those providing goods or services to the program. This will involve a combination of research, site inspections, interviews and other activities intended to lead to a report as to whether an organization, facility or activity is meeting CSC Security requirements.
- Conduct of Assessments: Conducting all aspects of the inspection but including activities intended to identify residual risks to the confidentiality, integrity, availability, or public confidence regarding the CSC project.
- Plan Management: Participating in external and internal working groups for the development, refinement, management and monitoring of the Cyber Security Management Plan (CSMP), relevant sections of the Supply Chain Management Plan (SCMP), and contributing to System Engineering Management Plan (SEMP) and its relevant sub-plans.
- Training, Awareness, Mentoring and Capacity Building: Involved in the design, development, delivery, and management of awareness materials (bulletins, alerts, etc.) and training materials (workshops, short courses) intended to raise the awareness of the Security Assurance Team’s activities in the supply chain space. This also includes working with more junior positions to affect knowledge transfer and capacity building through mentoring, coaching, and internal instruction.
- Provide supply chain risk assessment, monitoring and security-control design expertise during requirements definition, design, integration, test, and production phases to ensure that fully compliant and certified systems are provided in accordance with requirements, governing standards, and sound engineering practice.
- Provide guidance during requirements definition, design, integration, test, and production phases to ensure that sound security practices as defined in the NIST 800-160 Agreement, Project and Organizational Enabling and Technical Management documents are being adhered to. This will also involve ensuring that such guidance align coherently with ISO 9001:2015 and ISO 28000 quality management and supply chain security guidance.
- Further develop, manage, execute and monitor activities associated with risk assessment, security control design, monitoring and compliance activities, incident reporting and continuous improvement in the Supply Chain Security context.
- Develop a comprehensive technical risk register using Predict software and monitor, document, update and report on risk status.
- Develop plans, processes and procedures as required in support of program requirements.
- Participate in, or lead, Working Groups, as required, for assigned Supply Chain activities.
- Provide accurate status reports on assigned activities to the management team.
- Establish and maintain strong working relationships with internal and external stakeholders
- Support Project Management and ISI initiatives as required for the CSC project to succeed.
- Support a culture of teamwork, enthusiasm and a proactive nature within the Security Assurance Team.
- Be a role model for professional behavior
- Certification in a relevant maritime inspection or audit regime by an internationally recognized or regulatory body accepted organization.
- A minimum of five years’ experience in any two of the following:
- Experience in at least two of ship design, inspection, classification, or operations; or
- Experience conducting assessments on large, complex supply chains for companies or organizations; or
- Experience in at least two of the conducting of inspections, site assessments, or audits relevant to defense procurement or the maritime industry. The focus of these are to be manufacturing, software development or service provider facilities; or
- Experience in conducting threat assessments, plan development, or the delivery of security program related training materials in (or for) an organization or community of organizations of over 500 persons.
- Any of the following professional certifications:
- Certified Protection Professional (CPP)
- Certified Information Systems Security Professional (CISSP)
- Physical Security Professional (PSP)
- Professional Certified Investigator (PCI)
- Associate Business Continuity Professional (ABCP)
- Certified Business Continuity Professional (CBCP)
Project Management Professional (PMP)
Or a willingness to achieve certification in any one of these (candidate’s discretion as depending on organizational needs) within the first year.
- Experience in the conducting of audits
- Understanding of ship construction
- Experience working in design, production and / or test on a ship construction program
- Experience in Integrated Logistics Support
- Experience with certification and accreditation of Naval Combat Systems or ship infrastructure
- Providing security guidance in large, complex defence engineering projects
- Coordination with multiple complex organizations
- Understanding of maritime operations and ship infrastructure
- Knowledge of a shipyard production environment
Excellent written and oral communication skills
All successful applicants must meet requirements for Canadian Controlled Goods Program (CGP), Canadian Government Security clearance, and U.S. International Traffic in Arms Regulations (ITAR).
What We Offer:
- Irving Shipbuilding is proud to offer a competitive salary and benefits package, including but not limited to medical, dental, and vision
To Apply for this Career Opportunity:
Please complete the online application form. An up-to-date resume of past experience and education is required.
All applications will be reviewed by one of our recruiters. If the recruiter sees a potential opportunity (current or future) that matches your skills and experience, you will be contacted to discuss your qualifications for a position with Irving Shipbuilding
We thank all candidates for their interest, however, only those selected for interviews will be contacted.