Description:
• 6-month contract ( + 6 )
• $ negotiable
• CBD / Hybrid working
• Immediate start
A QLD state government department is looking for a suitable person to undertake a complete audit of the agency’s information assets ensuring that information already captured in the Information Asset Register (IAR) is accurate and complete.
The person will develop a plan to upload the complete, validated information asset register from the current spreadsheet-based document to the agency’s configuration management database.
Additionally, a plan will be developed enable the publishing of the information asset register to the department’s Intranet and a redacted version to the department’s website.
A second part of this work will ensure that engagement activities with Information Asset Custodians is coordinated along with other programs being undertaken in the department.
Responsibilities
• Undertake an audit of the agency’s information assets ensuring that:
• Information already captured in the information asset register is accurate and complete.
• Business impact assessments of each asset are validated with the correct assignment of confidentiality, integrity and availability (CIA) levels
• Any additional information assets not already captured are identified and added to IAR and their Asset Owners are nominated and approved
• Engage with nominated Information Asset Custodians and Information Asset Owners at an executive level and:
• Ensure they understand and accept their responsibilities
• Undertake an Information Security Classification process for each asset.
• Formally document their approval
• Develop a plan to upload the complete, validated information asset register from the current spreadsheet-based document into the department' configuration management database.
• Identify and develop a redacted list of OFFICIAL information assets extracted from the Information Asset Register in preparation for publishing on the department’s public website.
• Identify and develop a list of OFFICIAL information assets extracted from the Information Asset Register for publishing on the department’s internal intranet.
• Develop a plan or mechanism that ensures:
• a periodic review of the Information Asset Register
• ongoing regular updates can occur
• the ongoing publishing of updates of a list of OFFICIAL information assets from the information asset register to the departmental internal Intranet and a redacted version to the departmental external website.
The BA&S team will work with the contractor during the engagement and will engage with Business Application owners to:
• Identify and validate critical Business Applications in the department’s Business Application register.
• Capture information about the business applications (where are they installed, server details, when the applications become unsupported or due to be upgraded or deprecated).
• Make linkages between critical Business Applications, associated Information Assets, associated infrastructure and ensure the information is prepared so that it can be uploaded to the departments Configuration Management Database.
Selection Crtiteria
• Qualifications or experience in Information Management or related discipline.
• Knowledge and understanding of Information Management principals.
• Experience or knowledge in developing and maintaining an Information Asset Register (IAR) including the analysis of Confidentiality, Integrity, and Availability (CIA) and Information Security Classification of Information Assets.
• Good communication skills with ability to engage effectively and develop good working relationships with staff at all levels, including executive staff.
• Ability to work with limited supervision and set priorities to achieve results, as well as to complete allocated tasks and responsibilities with minimal direction.
Thank you for your application. We regret that due to the number of applications received we will not be able to respond to all applicants.