Specialist – Cybersecurity

Job Objective

To implement and operate Milaha's classified environment security framework, ensuring compliance with applicable national secrecy requirements and cybersecurity frameworks (e.g., NIA, QCSF).

The role is responsible for developing a secure enclave for handling highly classified information, supporting projects linked to state agencies and national secrecy requirements. The Specialist will oversee classified environment operations, champion incident response and assurance activities, and act as the focal point for secure handling of state-linked classified information.

The role will also ensure ongoing assurance and adaptation of controls to meet evolving regulatory requirements, safeguarding Milaha's participation in sensitive national projects.

Reporting Relationships

Upward Reporting Relationship

VP - Cybersecurity

Downward Reporting Relationship

None

(May guide junior staff, contractors on classified environment projects as required)

Communication

Internal Communication

Purpose

• VP – Cybersecurity
• Business Units
• IT Department

• Legal & ERM

• Provide updates on classified environment implementation, operations, incidents, and compliance status

• Ensure secure handling of classified information in projects, align requirements with business operations
• Collaborate on infrastructure, network, and identity integration for the classified enclave; ensure secure operations and monitoring.
• Align classified environment operations with contractual, legal, and risk management requirements.

External Communication

Purpose

• Regulators & State Agencies
• Auditors
• Vendor & Service Providers
• Act as liaison and focal point for projects involving national secrecy requirements; provide compliance evidence and incident reports as required by NIA C4 and QCSF
• Support internal and external audits on classified environment compliance and assurance activities.
• Coordinate secure design, implementation, and assurance of classified enclave technologies.

Key Roles & Responsibilities

Classified Environment Operating Model

• Implement and maintain an enhanced security operating model for Milaha's classified environment, ensuring compliance with applicable national secrecy and cybersecurity frameworks (e.g., NIA, QCSF).
• Establish governance for personnel clearance, access control, monitoring, and secure audit trails within classified environments.
• Ensure continuous assurance, regular validation, and adaptation of controls to meet evolving national secrecy and regulatory requirements.

Classified Enclave Development

• Design, build, and operate a secure enclave for handling highly classified information and projects involving state agencies.
• Define and enforce strict access management, encryption, and data residency safeguards.
• Conduct regular assurance activities including penetration testing, security audits, and compliance validation.

Classified Enclave Security Operations

• Oversee daily operations of the classified enclave, including monitoring, vulnerability management, and access governance.
• Develop and maintain incident response playbooks for classified environments, ensuring compliance with national secrecy and cybersecurity frameworks (e.g., NIA, QCSF).
• Ensure readiness for regulator-led inspections and state agency audits, providing timely evidence and compliance documentation.
• Maintain continuity and recovery capabilities for classified environments as part of Milaha's BCP/DRP.
• Continuously adapt and enhance enclave security controls to address evolving secrecy and cybersecurity requirements.

Stakeholder & State Agency Engagement

• Act as the security champion and focal point for projects involving state agencies and national secrecy requirements.
• Collaborate with VP Cybersecurity, Business Units, Fleet IT Support, Legal, and ERM to integrate classified environment security into enterprise processes.
• Liaise with regulators, auditors, and state agencies on classified environment matters.
• Provide awareness and training for authorized staff handling NIA C4-classified information.

Assignments

• Undertake additional cybersecurity tasks or projects as assigned within the department.
• Support other cybersecurity initiatives or assignments as required, contributing expertise to cross-pillar to strengthen Milaha's overall cybersecurity posture

Occupational Health and Safety & Environment

Accountability

Responsibility

Authority

Are accountable for their acts and omissions.

• To follow agreed safe systems of work; to follow training and instructions; and to report accidents, incidents and near misses.

To stop work if they think the work is unsafe.

Qualification/Experiences/Skills

Education & Professional Qualification

• Bachelor's degree in Cybersecurity, IT, Computer Science, or related field.
• Professional certification preferred: CISSP, CISM, CISA, or CCSP.
• Knowledge of NIA C4 and QCSF requirements is an advantage.

Professional Experience

• 6–8 years in cybersecurity, with at least 3 years in secure environment operations, compliance, or assurance.
• Experience implementing or operating controlled or classified environments under regulatory frameworks (e.g., NIA, QCSF, ISO

Technical Expertise

• Strong understanding of access control, encryption, monitoring, and secure enclave operations.
• Familiarity with incident response and continuity planning in high-assurance environments.
• Knowledge of IT infrastructure and integration for secure environments.

Soft Skills

• High integrity and confidentiality in handling sensitive information.
• Strong analytical, problem-solving, and reporting skills.
• Effective communicator and collaborator with IT, BUs, regulators, and state agencies.
• Able to act as a security focal point for classified projects.