Qualifications and Experience
Qualifications
Essential:
· Cyber Security Industry certifications (SANS, CISSP, CISM, OSCP, CEH)
· Certified IRAP Assessor
· Certified SAFe® Practitioner (mandatory for all COSPO personnel – can be completed upon engagement).
Desirable:
· Bachelor’s degree in relevant field (e.g., Computer Science, Information Systems, Cybersecurity) or equivalent +5 years industry experience.
Experience
Essential:
· Completed a full IRAP assessment for a Federal Government Agency
· Significant experience conducting security assessments and risk management at an Enterprise scale.
· Demonstrated security experience within complex ICT environments
· Experience working within the Defence Environment
· Demonstrated understanding of the Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM), and other Australian Government security guidance and advice
Desirable:
· Knowledge, experience of, and relationships within the technology industry
· Delivery of technology to support regulatory decision-making processes.
· Experience delivering to the Australian Government Digital Service Standard
· Demonstrated experience in and understanding of information technology and/or cyber security.
· Understanding of international security standards such as Security Technical Implementation Guides (STIG), Center for Internet Security (CIS) and NIST.
Responsibilities
· Security threat and risk assessment identification and development of security accreditation with certification report.
· IRAP Assessments of proposed ICT designs and solutions
· Re-evaluate accreditation documents when accreditation timeframes lapse or a system/environment change requires a re-evaluation
· Provide security advice relating to accreditation documents. This will be required and requested by the Commonwealth on an ad hoc basis as COSPO requires it.
· Other Security Artefacts or COSPO policies as requested by the Commonwealth.
· Stakeholder management and communication of security concepts to non-technical audiences both verbally and in writing.
· Manage, develop and support complex relationships with stakeholders to achieve work area goals
Security Clearance
· The ability to obtain and maintain an Australian Government Security Vetting Agency NV 1 security clearance.
· Must be an Australian citizen.
Capability Profile
Skills
Essential:
· Excellent communication skills, both written and verbal
· Ability to build and sustain productive and collaborative working relationships
· Ability to work in a multi-disciplined team environment
· Strong problem solving and conflict resolution skills
· Pragmatic judgement in working with multiple authorities (ICTSB and COSPO)
· Flexible and able to adapt to changing business needs
· Stakeholder management in complex matrixed structures
Desirable:
· NIL
Knowledge
Essential:
· Completed a full IRAP assessment for a Federal Government Agency
· Significant experience conducting security assessments and risk management at an Enterprise Level
· Demonstrated security experience within complex ICT environments
· Knowledge, experience of, and relationships within the technology industry.
· Demonstrated understanding of the Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM), and other Australian Government security guidance and advice.
Desirable:
· Understanding of international security standards such as Security Technical Implementation Guides (STIG), Center for Internet Security (CIS) and NIST.