Job details
The Department of Industry, Science and Resources (DISR) requires the services of a Cyber Security Compliance Specialist to work with system owners and business owners to identify and consider cyber security risk and appropriate remediation activities.
This full-time position (5 days per week) will be assigned to the assessment of new and upgraded systems to ensure the security accreditation requirements are met, as per the department’s Authority to Operate Framework (AtOF). Five years prior experience in writing and managing risk assessments per ISM compliance in Government is desirable.
This position will be responsible for providing security advice in line with the department’s processes and policies and security frameworks including the Information Security Manual (ISM), Protective Security Policy Framework (PSPF) and Information Security Registered Assessors Program (IRAP). The chosen candidate will have demonstrated extensive experience working as a security compliance specialist, with knowledge of the ISM, PSPF and IRAP processes, and the communication skills necessary to provide advice and supporting documentation associated with the department’s security framework. While working closely with technical and non-technical departmental staff to achieve the required outcomes.
Key duties and responsibilities
The candidate will be responsible for:
Lead and produce (write) quality security accreditation documentation including Statement of Applicability (SOA), System Risk Management Plan (SRMP), System Security Plan (SSP), and Certification Reports
Effective management of AtOF assessments ensuring they are completed within agreed timeframes while managing multiple assessments at any given time
Effectively communicating security concepts and controls to technical and non-technical stakeholders
Providing considered security advice to stakeholders, team members and Executive
Taking direction from the Cyber Security Manager and IT Security Advisor while working within the Cyber team
Act promptly to resolve compliance issues and address vulnerabilities, collaborating with relevant teams to implement relevant controls and improvements
Facilitating and negotiating discussions to an agreeable decision.
Completing security assessments in the departments IT service management risk system
Please note, applicants should have 5+ years of Governance, Risk and Compliance experience.
Criteria
The department has specified that each candidate must provide a one page pitch to address all criteria specified. This is equal to 5000 characters.
Essential criteria
5 years’ experience as a cyber security compliance specialist and demonstrated experience in relation to the detailed skill set (outlined above).
Experience working in large complex ICT environments with a focus on Microsoft technologies, and the ability to consult with a range of both technical and non-technical personnel.
Extensive knowledge of Australian Government Policies and frameworks relating to Government Services.
Ability to handle multiple assessments at any given point and excellent attention to detail.