Address
SalaryAustralian Citizens residing in Australia with Baseline Clearance only respond.
- Contract start 21 August 2023 to 5 months, 2 x 6 months extensions.
- Australian Citizen, Baseline Clearance, Canberra, Brisbane, Adelaide, Melbourne role.
Overview
The Security Expert will provide services as a senior information and cyber security analyst, to oversee the technical implementation and delivery of a suite of priority cyber security services to Services Australia and its partners, including the Australian Signals Directorate (ASDs) recommended service offerings. The Security Expert will be working in a small team overseen by Agency project management.
PRIMARY TECHNOLOGIES: MS-Office productivity applications, MS endpoints (server and desktop Operating Systems) and endpoint security controls associated with ASDs Essential Eight, DNS and other network protocols of interest to Cyber operations, Host-based Intrusion Detection / Prevention Systems (HIDS/HIPS), Wintel, Linux and other mid-range platforms, secure network and gateway service technologies.
The Security Expert Key Tasks/Duties may include some or all of the following:
Manage alignment of cyber security controls with corporate level information and cyber
security requirements.
Assess cyber security/access management policies and procedures.
Assess and report on cyber security policies, procedures and controls relating to the project and services.
Oversee validation activities for cyber security projects to completion.
Provide expert technical advice, support and recommendations on Governance Risk Compliance (GRC) best practices in relation to government information and cyber security policy, threat and risk management frameworks.
Proactively share knowledge and expertise as the cyber security GRC subject matter expert, and provide assistance and mentorship to less experienced colleagues.
Document a range of technical / risk assessment documentation and reports including (but not limited to):
a. Security Risk Assessments (SRA).
b. Threat and Risk Assessments (TRA).
c. Statements of Applicability (SoA).
d. Security Risk Management Plans (SRMP).
e. Privacy Impact Assessments (PIA).
f. Negotiate, engage and manage relationships with other service providers to build security services and related project delivery capability.
Collaborate with a broad range of internal and external stakeholders to achieve project outcomes.
Encourage innovation, continuous improvement and manage and support change.
Provide leadership, direction, and oversight for GRC services and activities to support the projects.
Manage the assessment and reporting of information and cyber security risks, governance and compliance controls with regard to systems, processes, procedures, tools and techniques utilised by the services.
Provide leadership on GRC system and process management at the organisational and business levels.
Every application requires to address selection criteria as part of application submission.
Mandatory Criteria
1. Demonstrated experience and success delivering governance, risk and compliance
documentation including SRA, TRA, SoA, SRMP and PIA, using Federal Government
information security policy (i.e. Information Security Manual, Protective Security Policy
Framework) and the ACSCs Cyber Security principles and guidelines and recommended
service offerings.
Weighted Criteria
1. Demonstrated experience in supporting the delivery of strategic, contemporary cyber
security solutions.
2. Demonstrated knowledge of industry Cyber Security frameworks, best practices and
standards.
3. Demonstrated knowledge of industry public cloud best practices and standards.
