
Regular
Full time
At the heart of CSA Group is a vision: making the world a better, safer, more sustainable place. It's been part of our mission for nearly one hundred years: from the first engineering standard for railway bridges developed in 1919, to more than 3,500 standards, codes & related products today.
Headquartered in Canada, with a global footprint of more than 30 labs and offices across Europe, Asia and North America, CSA Group tests, inspects and certifies a wide range of products - from everyday household items to leading-edge technology - to meet exacting requirements for safety, performance and environmental impact.
Our employees take pride in making a difference in people's lives through the work that we do. We're looking for people like you to help make it happen.
Primary Function:
A Cybersecurity Certifier III provides professional, high quality Cybersecurity Services designed to meet the objectives and expectations of internal and external customers and stakeholders. Cybersecurity Services include the performance and delivery of customer projects, including:
Cybersecurity Certification
Cybersecurity Attestation
Cybersecurity Verification (non-certification), such as gap assessments, cybersecurity claims verification, and system security and penetration testing
Cybersecurity Technical Information Service (TIS) and Training
To perform these services, a qualified, experienced, and knowledgeable security professional in this role must be capable of independently interpreting and understanding often-complex industry standards, regulations, guidance, technologies, processes, procedures, and security-related threats and risks. This includes providing:
Technical and compliance analysis and guidance;
Product, process, and/or service testing information; and
Technical reviews and independent checks.
Working Relationships:
Reports to Operations Manager, Product Group Manager (PGM), or other (as assigned)
Provides cybersecurity project leadership and mentoring, for example to Lab Technicians, Cybersecurity Certifiers (Levels I & II), contractors, and others, as needed.
Works collaboratively with and in support of other internal personnel and leadership, including Commercial, Technical Integrity (TI), Legal, Internal Audit, Health Safety & Environment (HSE), and others, as needed.
Principal Duties & Responsibilities:
Independently manages and performs Cybersecurity Services (certification and non-certification) projects ensuring compliance with all applicable safety and security requirements and within established project timeframes and cost expectations.
Evaluates products, processes, and/or services in accordance with project requirements, including evaluations against established standards, guidance, and precedent decisions.
Documents and delivers project communications, reports, and supporting information to the appropriate internal and external parties in accordance with project requirements that are technically and contextually accurate, professionally presented, and reflective of applicable internal and external established practices, standards, and guidance.
Accurately performs evaluations and reviews of complex, unique, or unusual products, processes, and/or services.
Works with sales, service, and marketing teams to support current clients and develop new client opportunities.
Explains the different cybersecurity service offerings, including certification programs.
Prepares project statements of work, quotations, and budgetary estimates.
Determines applicable requirements, standards, guidance, and test methods appropriate to the industry, market, and client product, process, and/or service in scope.
Determines sample requirements and method and the location and tools for evaluation and testing.
Demonstrates the ability to consistently manage multiple projects concurrently while maintaining on-time and on-budget performance.
Provides client feedback to Managers, Team Leaders, Sales, Service, and other CSA Group team members.
Demonstrates professionalism and competency in the performance of cybersecurity services in accordance with DQDs, published standards and guidance, and project statement of work/quotation.
For certification services, reviews test data and reports, authorizes application of Certification Marks, prepares and/or signs Certification Reports and Certificates of Compliance, and authorizes application and/or removal of the CSA Mark.
Ensures lab test equipment, safety, and quality procedures are within guidelines.
Delivers TIS and training content and services to customers in accordance with project requirements that are technically and contextually accurate, professionally presented, and reflective of applicable internal and external established practices, standards, and guidance.
Verifies the reports, evaluation and calculations of others. Demonstrates technical competency to review the work of others.
Provides technical briefings on new and existing requirements.
As required, may participate in the CSA Technical Network and Technical Panel, and may support documentation development.
Performs other duties as assigned by the Operations Manager, PGM, Cybersecurity Team Leader, or other (as assigned).
Demonstrates good knowledge of a variety of standards and codes, a technical background, and the ability to troubleshoot electronic equipment.
Supports and mentors more junior staff in effective, clear and accurate communication and company expectations of responsiveness to clients.
Becomes fully knowledgeable in all national / international standards through research of standards, documentation, bulletins and technical articles in area of specialty.
Recommends revisions to ensure technical consistency to resolve issues of pertinent practices, processes, and precedents.
Obtains and maintains continuing professional education, knowledge, skills, and accreditations that enhance and stay current on the competencies, experience, and knowledge needed to perform such services and that safeguard the reputation and integrity of CSA’s global certification programs.
Preferred Education & Experience:
Bachelor’s degree in computer science, information technology, information security, or related field and eight (8) years of experience; or
An equivalent combination of education, experience, and/or professional certification that demonstrates the ability to perform the position duties.
One or more of the following professional certifications (or the ability to successfully qualify for and obtain such certification within 12 months):
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Global Industrial Cyber Security Professional (GICSP)
Certified Ethical Hacker (CEH)
Demonstrable experience and/or proficiency with the following:
Development and performance of security, risk, and compliance audits and assessments
Recognized industry security standards, frameworks, and guidance, including:
IEC 62443 standards series
UL 2900 standards series
ISO 27000 standards series
NIST Cybersecurity Framework
NIST SP 800 standards series
Understanding and working knowledge of current, relevant security-related standards, regulations, guidance, programs, processes, and/or practices
For key process areas, such as:
Corporate and security governance
Secure development lifecycle
Risk, threat, and vulnerability management
Identity, authentication, and access
Security event logging, monitoring, and incident response
Privacy and confidentiality
For key industries and marketplaces, such as:
Medical and Healthcare: HIPAA, HITRUST
Public/Government Agency: FISMA/FedRAMP
COSO, COBIT,
Specific to Industrial Automation and Control Systems (IACS), demonstrable understanding and knowledge of:
at least two different IACS,
the application of IACS,
networking and communication protocols, and
methods to protect, prevent, and detect attacks on networks and communication protocols.
Strong professional and interpersonal skills in establishing and sustaining positive and effective working relationships with internal and external parties (as outlined in Working Relationships above)
Highly motivated, self-starting individual, and able to multi-task and manage to timelines
Knowledge of CSA certification options, programs, and services
High level of interpersonal and communication skills; customer service skills, strong problem-solving ability; detail oriented
Strong organizational, time and project management skills to complete job tasks independently and in a time-efficient manner
Ability to work unsupervised, in a team-based work environment
Reads, interprets and develops engineering drawings / specifications
Technical report writing
Computer proficiency (Microsoft Office)

At CSA Group, we excel in addressing emerging, complex issues and technologies. CSA Group is comprised of two organizations: Standards Development and Testing, Inspection, & Certification.
Not-for-Profit Standards Development:
The mission of CSA Group’s Standard Development organization is to enhance the lives of Canadians through the advancement of standards in the public and private sectors. We are a leader in standards research, development, education, and advocacy. The technical and management standards developed with our 10,000 members improve safety, health, the environment, and economic efficiency in Canada and beyond.
Global Testing, Inspection and Certification:
CSA Group’s global commercial subsidiaries generate funding for continued standards research and development in support of our mission. Our commercial subsidiaries provide expert testing, inspection, and certification services that enable manufacturers to demonstrate that their products are in compliance with applicable safety, environmental, and operating performance standards for markets around the world. We offer deep expertise and industry-leading service delivery across a wide range of current and emerging technologies.