Risk Management Analyst

Overview

Cubic Transportation Systems (CTS) is a global leader in intelligent transportation solutions, specializing in technologies that make public transit more efficient, accessible, and user-friendly. A significant feature is providing Fare and Payment card services to government and municipal customers across the globe.

Job Summary

As a member of the Cubic information security team, you will provide security compliance support for production transaction processing environments. Evaluate posture of security controls and operating environment to ensure compliance with organization security policies and controls. Plan and prepare the scope of IT compliance evaluation programs across the organization, identify potential risks or liabilities, and develop mitigation plans. Partner with external auditors to coordinate and facilitate PCI-DSS, ISO 27001, and other compliance / audit efforts. This position typically works under limited supervision and direction. Candidates will regularly exercise discretionary and substantial decision-making authority.

Responsibilities

• Perform as the recognized Subject Matter Expert on Security Risk Assessment methodology, policy, strategy and processes.
• Facilitate all security audit operations, including scheduling, vendor coordination, program management, and stakeholder coordination.
• Coordinate with Internal / External Auditors and IT teams to complete periodic audits. Schedule and conduct control walkthroughs and address follow-up procedures to ensure duties and responsibilities are understood.
• Lead design and control reviews and assessments to support continuous compliance with security policies and standards.
• Manage security review processes for all solutions to ensure design and implementation meet compliance requirements (PCI-DSS, ISO 27001, SOC 1 & SOC 2, and regional requirements such as Australian Essential 8 and NZ-ISM). Document and communicate non‑compliant areas.
• Identify and report significant information security risks across applications, development, networking, data centers, cloud and physical IT infrastructure, vendors, and other third parties.
• Identify remediation stakeholders and escalate issues constructively. Track progress toward remediation and manage escalations if timely resolution is not achieved.
• Work with system operators and security SMEs to communicate compliance gaps and develop remediation plans.
• Capture compliance gaps and remediation plans in the OneTrust GRC system. Plan and perform controls monitoring around complex customer-facing systems using One Trust.
• Engage with Cubic customers and Security Teams to build positive relationships and outcomes.
• Educate Security Management and Team Members in compliant IT processes and controls; prepare and maintain process and control documentation.
• Aid in developing solutions identified during audits and translate these into practical recommendations. Partner with Operations and Engineering to ensure timely remediation.
• Follow up on recommendations and verify corrective actions. Ensure adherence to Corporate Standards, SDLC, Change Management, and risk governance protocols where possible.
• Review vendor contracts and SOC reports to evaluate impact on controls; coordinate with third-party vendors as appropriate.

General Duties and Responsibilities

Skills / Experience / Knowledge

Essential :

Desirable :

Qualifications

Essential :

Condition Of Employment

Successful outcome of a National Police Check.

The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.

Worker Type

Employee

#J-18808-Ljbffr