Must have a Negative Vetting 2 Security Clearance.
SFIA – SCTY 5
Security Product Assessor – Security product evaluation, applying deep scrutiny to the security-enforcing mechanisms of software and hardware products to ensure effective security for the products and the systems leveraging them. The Security Product Assessor must be familiar with the Australian Government Information Security Manual (ISM) as the basis for cyber security risk treatments across government.
The Security Product Assessor’s responsibilities include the following activities:
- stakeholder engagement, management, risk triage, and strategic mission support;
- providing expertise in evangelising CSAA’s approach to the assessment and reporting of cyber risk;
- supporting the department’s mission through the triage and prioritisation of assessments;
- assessment and assurance administration and reporting;
- assisting CSAA management with holistic risk reporting;
- Department’s Chief Information Security Officer requests;
- Freedom of Information requests; and
- Senate Estimates support.
Qualifications, Skills and Experience
Security Product Assessors must have one or more of the following qualifications, skills and experience:
- Tertiary qualifications in Cyber Security;
- Experience in risk assessment and reporting of a complex/varied array of ICT systems;
- CISM – Certified Information Security Manager;
- CISSP – Certified Information Systems Security Professional;
- GSLC – GIAC Security Leadership Certificate;
- CISA – Certified Information Systems Auditor;
- CRISC – Certified in Risk and Information Systems Control;
- GSNA – GIAC Systems and Network Auditor;
- ISO 27001 Lead Auditor;
- PCI QSA – PCI Qualified Security Assessor.