Security Compliance Specialist
DSED Program – Military Systems Division
Defence Digital Group | Department of Defence
Security clearance NV2 or higher is mandatory
An exciting opportunity is available for an experienced Security Compliance Specialist to join the DSED Program within the Military Systems Division, Defence Digital Group, Department of Defence.
In this role, you will provide specialised ICT security support services for Defence fixed and deployed systems, ranging from simple to highly complex environments. Working on behalf of the Cyber Security Assessments and Authorisation (CSAA) Directorate, you will play a key role in assessing, managing and authorising Defence ICT systems in line with Government and Defence security frameworks.
About the Role
The Security Compliance Specialist will undertake ICT security assessments of classified Defence systems (SECRET and below) in accordance with relevant Government and Defence policies, procedures and guidelines, including but not limited to the ISM, PSPF, CSAA Framework and DSPF.
The primary deliverables for this role include the completion of Security Assessment Reports and Authorisation Briefs in DCIAB format, supporting the achievement of Authority to Operate (ATO) outcomes.
Key Responsibilities
* Assess the effectiveness of security controls for Defence ICT systems and their operating environments
* Conduct ICT security assessments across a range of fixed and deployed Defence systems
* Produce detailed assessment reports for each system, including:
  * Scope and background
  * Security strengths and weaknesses (including key threats and vulnerabilities)
  * Identified security risks
  * Effectiveness of implemented security controls
  * Recommended remediation actions (including stage 2 recommendations, VA/Pen testing, suggested improvements, and operational or production caveats where applicable)
* Attend meetings and workshops to provide ICT security advice and guidance to stakeholders
* Contribute to Directorate reporting and briefing requirements
* Adhere to Defence, Defence Cyber and Information Assurance Branch (DCIAB), and CSAA principles and practices
* Support the achievement of Authority to Operate (ATO) requirements
Required Skills and Experience
* Tertiary qualification and/or demonstrable industry experience in an ICT discipline or equivalent
* Two or more of the following certifications:
  * Certified Information Systems Security Professional (CISSP)
  * Certified Information Security Manager (CISM)
  * ISO 27001 Lead Auditor
  * Global Information Assurance Certification (GIAC)
  * GIAC Forensic Analyst (GCFA)
  * Certified Information Systems Auditor (CISA)
* Demonstrated experience in ICT security risk management and assessment methodologies
* Proven experience in ICT system assessment and authorisation processes from a security and risk perspective
* Strong understanding of the PSPF, ISM and DSPF
* Ability to work under broad direction with a high degree of autonomy
* Excellent written and verbal communication skills
Why Join Us?
This role offers the opportunity to work at the forefront of Defence cyber security, contributing to the protection of critical military systems while collaborating with highly skilled professionals in a mission-critical environment.