Product Safety Certifier - Cybersecurity
Shanghai JV, China
CSA Group
Employment Status: Regular
Time Type: Full time
BUILDING A WORLD CLASS TEAM STARTS WITH YOU
At the heart of CSA Group is a vision: making the world a better, safer, more sustainable place. It's been part of our mission for nearly one hundred years: from the first engineering standard for railway bridges developed in 1919, to more than 3,500 standards, codes & related products today.
Headquartered in Canada, with a global footprint of more than 30 labs and offices across Europe, Asia and North America, CSA Group tests, inspects and certifies a wide range of products - from everyday household items to leading-edge technology - to meet exacting requirements for safety, performance and environmental impact.
Our employees take pride in making a difference in people's lives through the work that we do. We're looking for people like you to help make it happen.
Job Summary:
Primary Function:
A Cybersecurity Certifier III provides professional, high quality Cybersecurity Services designed to meet the objectives and expectations of internal and external customers and stakeholders. Cybersecurity Services include the performance and delivery of customer projects, including:
Cybersecurity Certification
Cybersecurity Attestation
Cybersecurity Verification (non-certification), such as gap assessments, cybersecurity claims verification, and system security and penetration testing
Cybersecurity Technical Information Service (TIS) and Training
To perform these services, a qualified, experienced, and knowledgeable security professional in this role must be capable of independently interpreting and understanding often-complex industry standards, regulations, guidance, technologies, processes, procedures, and security-related threats and risks. This includes providing:
Technical and compliance analysis and guidance;
Product, process, and/or service testing information; and
Technical reviews and independent checks.
Working Relationships:
Reports to Operations Manager, Product Group Manager (PGM), or other (as assigned)
Performs cybersecurity project leadership and mentoring, such as to Lab Technicians, Cybersecurity Certifiers (Levels I & II), contractors, and others, as needed.
Works collaboratively with and in support of other internal personnel and leadership, including Commercial, Technical Integrity (TI), Legal, Internal Audit, Health Safety & Environment (HSE), and others, as needed.
Principal Duties & Responsibilities:
Independently manages and performs Cybersecurity Services (certification and non-certification) projects ensuring compliance with all applicable safety and security requirements and within established project timeframes and cost expectations.
Evaluates products, processes, and/or services in accordance with project requirements, including evaluations against established standards, guidance, and precedent decisions.
Documents and delivers project communications, reports, and supporting information to the appropriate internal and external parties in accordance with project requirements that are technically and contextually accurate, professionally presented, and reflective of applicable internal and external established practices, standards, and guidance.
Accurately performs evaluations and reviews of complex, unique, or unusual products, processes, and/or services.
Works with sales, service, and marketing teams to support current clients and develop new client opportunities.
Explains the different cybersecurity service offerings, including certification programs.
Prepares project statements of work, quotations, and budgetary estimates.
Determines applicable requirements, standards, guidance, and test methods appropriate to the industry, market, and client product, process, and/or service in scope.
Determines sample requirements and method and the location and tools for evaluation and testing.
Demonstrates the ability to consistently manage multiple projects concurrently while maintaining on-time and on-budget performance.
Provides client feedback to Managers, Team Leaders, Sales, Service, and other CSA Group team members.
Demonstrates professionalism and competency in the performance of cybersecurity services in accordance with DQDs, published standards and guidance, and project statement of work/quotation.
For certification services, reviews test data and reports, authorizes application of Certification Marks, prepares and/or signs Certification Reports and Certificates of Compliance, and authorizes application and / or removal of the CSA Mark.
Ensures lab test equipment, safety, and quality procedures are within guidelines.
Delivers TIS and training content and services to customers in accordance with project requirements that are technically and contextually accurate, professionally presented, and reflective of applicable internal and external established practices, standards, and guidance.
Verifies the reports, evaluation and calculations of others. Demonstrates technical competency to review the work of others.
Provides technical briefings on new and existing requirements.
As required may participate in CSA Technical Network, Technical Panel and may support documentation development.
Performs other duties as assigned by the Operations Manager, PGM, Cybersecurity Team Leader, or other (as assigned).
Demonstrates a good knowledge of a variety of standards, codes; technical background; troubleshooting electronic equipment.
Supports and mentors more junior staff in effective, clear and accurate communication and company expectations of responsiveness to clients.
Becomes fully knowledgeable in all national / international standards through research of standards, documentation, bulletins and technical articles in area of specialty.
Recommends revisions to ensure technical consistency to resolve issues of pertinent practices, processes, and precedents.
Obtains and maintains continuing professional education, knowledge, skills, and accreditations that enhance and stay current on the competencies, experience, and knowledge needed to perform such services and that safeguard the reputation and integrity of CSA’s global certification programs.
Preferred Education & Experience:
Bachelor’s degree in computer science, information technology, information security, or related field and eight (8) years of experience; or
An equivalent combination of education, experience, and/or professional certification that demonstrates the ability to perform the position duties.
One or more of the following professional certifications (or the ability to successfully qualify for and obtain such certification within 12 months):
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Global Industrial Cyber Security Professional (GICSP)
Certified Ethical Hacker (CEH)
Demonstrable experience and/or proficiency with the following:
Development and performance of security, risk, and compliance audits and assessments
Recognized industry security standards, frameworks, and guidance, including:
IEC 62443 standards series
UL 2900 standards series
ISO 27000 standards series
NIST Cybersecurity Framework
NIST SP 800 standards series
Understanding and working knowledge of current, relevant security-related standards, regulations, guidance, programs, processes, and/or practices
For key process areas, such as:
Corporate and security governance
Secure development lifecycle
Risk, threat, and vulnerability management
Identity, authentication, and access
Security event logging, monitoring, and incident response
Privacy and confidentiality
For key industries and marketplaces, such as:
Medical and Healthcare: HIPAA, HITRUST
Public/Government Agency:
FISMA/FedRAMP
COSO, COBIT,
Specific to Industrial Automation and Control Systems (IACS) demonstrable understanding and knowledge of:
at least two different IACS,
the application of IACS,
networking and communication protocols, and
methods to protect, prevent, and detect attacks on networks and communication protocols.
Strong professional and interpersonal skills with establishing and sustaining positive and effective working relationships with internal and external parties (as outlined in Working Relationships above)
Highly motivated, self-starting individual, and able to multi-task and manage to timelines
Knowledge of CSA certification options, programs, and services
High level of interpersonal and communication skills; customer service skills, strong problem-solving ability; detail oriented
Strong organizational, time and project management skills to complete job tasks independently and in a time-efficient manner
Ability to work unsupervised, in a team-based work environment
Reads, interprets and develops engineering drawings / specifications
Technical report writing
Computer proficiency (Microsoft Office)
CSA Group is an Equal Opportunity Employer and is committed to diversity, equity, and inclusion. We prohibit discrimination and harassment of any kind based on any grounds stipulated by applicable laws. We are an organization where opportunities are based on skills and abilities, and differences are respected and valued. Please contact us at talentacquisition@csagroup.org if you require accommodation in the interview process.
Tags: Audits Automation CEH CISA CISM CISSP COBIT Compliance Computer Science CRISC FedRAMP FISMA GICSP Governance Government agency HIPAA HITRUST IEC 62443 Incident response Industrial ISO 27000 Monitoring NIST Pentesting Privacy Vulnerability management
Perks/benefits: Career development