Senior Security Expert

Australian Citizens residing in Australia with Baseline Clearance only respond.

• Contract start 21 August 2023 to 5 months, 2 x 6 months extensions.
• Australian Citizen, Baseline Clearance, Canberra, Brisbane, Adelaide, Melbourne role.

Send your responses to
Overview
The Senior Security Expert will provide services as a senior information and cyber security analyst, to oversee the technical implementation and delivery of a suite of priority cyber security services to Services Australia and its partners, including the Australian Signals Directorate (ASDs) recommended service offerings. This role is required to have in-depth knowledge of specific ICT security models to provide expert advice on the creation and operational maintenance of system roles, access authorisations, and security profiles and promote the development and exploitation of ICT security knowledge. The Senior Security Expert will be working in a small team overseen by Agency project management.
Primary Technologies: MS-Office productivity applications, MS endpoints (server and desktop Operating Systems) and endpoint security controls associated with ASDs Essential Eight, DNS and other network protocols of interest to Cyber operations, Host-based Intrusion Detection / Prevention Systems (HIDS/HIPS), Wintel, Linux and other mid-range platforms, secure network and gateway service technologies.
The Senior Security Expert Key Tasks/Duties may include some or all of the following:
Implement security/access management policies and procedures.
Plan and implement security policies and procedures.
Ensure security regulations are observed at all times and ICT teams follow methodology.
Review scheduled security reports to track and report on compliance.
Perform complex risk assessments to identify high-risk access privilege assignments and segregation of duties conflicts.
Monitor and manage change requests to ensure that ICT systems are under change control.
Provide expert technical advice, support and recommendations on security best practices.
Manage alignment of cyber security controls with corporate level information and cyber security requirements.
Assess cyber security/access management policies and procedures.
Assess and report on cyber security policies, procedures and controls relating to the project and services.
Oversee validation activities for cyber security projects to completion.
Provide expert technical advice, support and recommendations on GRC best practices in relation to government information and cyber security policy, threat and risk management frameworks.
Proactively share knowledge and expertise as the cyber security GRC subject matter expert, and provide assistance and mentorship to less experienced colleagues.
Document a range of technical / risk assessment documentation and reports including (but not limited to):
a. Security Risk Assessments (SRA).
b. Threat and Risk Assessments (TRA).
c. Statements of Applicability (SoA).
d. Security Risk Management Plans (SRMP).
e. Privacy Impact Assessments (PIA).
Negotiate, engage and manage relationships with other service providers to build security services and related project delivery capability.
Collaborate with a broad range of internal and external stakeholders to achieve project outcomes.
Encourage innovation, continuous improvement and manage and support change.
Core responsibilities include:
Deliver a range of technical / risk assessment documentation and reports relating to the delivery of cyber projects including (but not limited to):
a. Security Risk Assessments.
b. Threat and Risk Assessments.
c. Statements of Applicability.
d. Security Risk Management Plans.
e. Privacy Impact Assessments.
Provide leadership, direction, and oversight for GRC services and activities to support the projects.
Manage the assessment and reporting of information and cyber security risks, governance and compliance controls with regard to systems, processes, procedures, tools and techniques utilised by the services.
Provide leadership on GRC system and process management at the organisational and business levels.
Every application requires to address selection criteria as part of application submission.
Mandatory Criteria
1. Demonstrated experience and success delivering governance, risk and compliance
documentation including SRA, TRA, SoA, SRMP and PIA, using Federal Government
information security policy (i.e. Information Security Manual, Protective Security Policy
Framework) and the ACSCs Cyber Security principles and guidelines and recommended
service offerings.
Weighted Criteria
1. Demonstrated experience in supporting the delivery of strategic, contemporary cyber
security solutions.
2. Demonstrated knowledge of industry Cyber Security frameworks, best practices and
standards.
3. Demonstrated knowledge of industry public cloud best practices and standards.