Key Responsibilities and Tasks:
- Provide assessment, advice and support to customers on the governance and compliance aspects of cyber security across their business.
- Present findings to executive staff and provide a roadmap to meet their specific requirements.
- Incorporate vulnerability assessments that identify and classify the security vulnerabilities in a system, including contextualisation of the results against the customer's environment and risk appetite.
- Identify the security activities that help an organisation maintain its ongoing security posture, covering the monitoring, maintenance and management of the cyber security aspects of the solution, its people and its processes.
- Develop and deliver security compliance training for a specific user community, taking into account their existing knowledge and the training needs implied by the required learning outcomes.
- Provide advice on, and undertake formal inspections of, an organisation's security policies, processes and procedures.
- Plan, control, report on and manage the risk for a defined package of work, ensuring that products are delivered on time, on budget and to the required quality.
Skills and Experience:
- Identification of security risks: identifying vulnerabilities throughout the system lifecycle and assessing exposure, likelihood and severity, in either quantitative or qualitative form, following an industry-recognised risk assessment methodology.
- Support for the creation of a cyber security controls regime across an organisation.
- Identification of suitable risk management activities (technical, physical or procedural) to direct and control an organisation or a system design so that the identified risks are mitigated.
- Expertise in:
- Policies and standards required for systems operating in a controlled environment, such as ISO 27001, AESCSF, NIST SP 800-82, the SOCI Act, IEC 62443 and AS 7770.
- Legal and regulatory topics that should be considered when conducting the various activities in the field of cyber security.
- Understanding of how people interact with a system, and the ability to develop controls that are effective, that operators will actually use, and that do not disrupt users' interaction with the system.
- Creation of security documentation to support the development of a system; this could include security aspects, risk assessments, risk management plans, security policies, security test plans and results, and evaluation documents.
- Development of tests that demonstrate that the design meets the security control requirements.
- Knowledge of hardware, software, people and process vulnerabilities, how they arise, and the techniques that can be used to prevent or detect such vulnerabilities or to mitigate their exploitation.
- High standards in written reports and design documentation.
- Presentation and communication skills.