Cyber Security Assurance Manager, Electoral Integrity & Media

Agency Purpose

The Australian Electoral Commission (AEC) is an independent statutory authority established by the Australian Government to maintain an impartial and independent electoral system for eligible voters through active electoral roll management, efficient delivery of polling services, and targeted education and public awareness programs.

The AEC’s values and commitments

The AEC values and commitments are an essential component of our operating environment and frame how AEC staff work. The AEC's focus is on Electoral Integrity through the values of quality, agility and professionalism.

The Team

The Electoral Integrity and Media Branch has a primary function to ensure that the AEC is well-positioned to respond in a coordinated and consistent manner to any threats to Electoral Integrity, centred around Cyber Security, protective security and disinformation.

The role of the Cyber Security & Assurance section within the EIM Branch is to provide the AEC with assurance that its business and electoral operations are adequately protected and monitored against cyber intrusion and interference. The section’s Cyber Security responsibilities include providing Cyber Security advice and support to the AEC, projects within the AEC and the ICT environment and systems.

The section is responsible of delivering operational (day-to-day) Cyber Security functions, including monitoring, incident management and incident resolution; and conducting cyber-related investigations.

The Opportunity

The Cyber Security Assurance Manager leads a small team of operational Cyber Security staff and supports the ITSA to manage Cyber Security related patching of AEC systems and compliance of AEC systems with mandated security controls. This role manages patching in a liaison capacity, providing related advice and direction to system administrators.

This is an exciting opportunity to make a significant contribution to the delivery of electoral events and day-to-day operations through the continuous improvement of AEC’s systems.

This role is responsible for researching and monitoring Cyber Security related patches for relevant applications and operating systems by urgency and applicability, while liaising with the AEC’s IT branches and Third-Party Vendors for the implementation of required patches. You will be responsible for conducting vulnerability assessments of new and emerging vulnerabilities, report on compliance with mandated Cyber Security controls and coordinating regular scanning and testing of the AEC IT environment.

To excel you’ll have:

• Demonstrated ability to provide leadership and guidance in a team environment.
• Demonstrated knowledge of, and experience in implementing policy and processes that align to the Australian Cyber Security (ACSC)’s Essential Eight (E8) and its Maturity Model. 
• Demonstrated knowledge and experience in Cyber Security Assurance, including assurance activities and reporting with respect to the ACSC E8.
• Sound knowledge and experience in successfully managing and delivering results within time restraints and with competing priorities. 
• Demonstrated ability to communicate with influence, negotiate outcomes and manage complex stakeholder relationships, across all levels of seniority.
• Proven conceptual and analytical abilities with sound knowledge of change management practices and techniques to enable innovation.  
• Demonstrated personal drive and integrity whilst achieving results within legislative and budget parameters.
• Relevant qualifications in Cyber Security or similar. 
• Demonstrated knowledge of Commonwealth frameworks, including the PSPF and ISM.

 Eligibility

• AEC employees must be Australian citizens.
• Any person who is, and seen to be active in political affairs, and intends to publicly carry on this activity, may compromise the strict neutrality of the AEC and cannot be considered.
• Applicants are required to consent to, undergo, obtain and maintain a character clearance.
• Applicants are required to consent to, undergo, obtain and maintain the Negative Vetting 1 security clearance required for this role.
• Applicants may be required to undertake psychometric testing as part of this recruitment process.