Role: Security SME
Location : Sydney
Type : Contract
40% – Security Requirements & Exposure Assessment (Design Phase)
Key Responsibilities
Identify and define security requirements by analysing business objectives, regulatory needs, and threat models.
Translate business and technical inputs into logical security models and domain impact assessments.
Assess solution designs for alignment with security requirements and document gaps or non‑compliance.
Conduct early security exposure assessments to identify vulnerabilities or risks.
Produce clear, detailed documentation covering security requirements, design gaps, and recommended controls.
Collaborate closely with solution architects, engineers, and project leads to develop remediation plans.
Identify systemic or recurring capability gaps and escalate to Enterprise Security Architecture.
Lead and manage the Secure by Design Design phase, ensuring alignment with defined scope and objectives.
Present designs and obtain formal sign‑off from the Security Architect Lead.
Success Indicators
Thorough & accurate identification of business‑driven security requirements.
Complete and well‑structured Security Domain Impact Assessments.
Clear identification of design gaps and recommended controls.
High‑quality and reusable security patterns and blueprints.
SbD Design completed within agreed scope and timelines.
Positive stakeholder engagement, transparency, and clarity in deliverables.
Strong alignment with:
Business risk appetite
Strategic objectives
Security architecture standards & blueprints
Compliance obligations
60% – Security Mechanism Implementation (Implementation Phase)
Key Responsibilities
Select, implement, and integrate appropriate security components aligned with enterprise architecture.
Translate requirements into actionable implementation steps and configurations.
Identify implementation gaps and document discrepancies from architectural expectations.
Work closely with engineering teams, developers, vendors, and partners to embed controls throughout the SDLC.
Maintain clear documentation covering implemented mechanisms, configurations, and controls.
Create and publish reusable security blueprints and solution patterns.
Lead and manage the SbD Implementation phase to ensure delivery within scope and quality standards.
Support assurance activities by providing required artefacts and evidence for SbD sign‑off.
Collaborate with risk teams to ensure residual risk is accurately captured and assessed.
Success Indicators
Effective integration of security controls across solutions and platforms.
Early identification and timely remediation of implementation gaps.
Removal of redundant controls to improve efficiency.
High‑quality documentation supporting reuse, governance, and operational clarity.
On‑time completion of SbD Implementation activities.
Strong cross‑team collaboration (engineering, IT, vendors).
Positive feedback from security & delivery teams.
Major Challenges
Strategic Alignment & Business Integration
Balancing strategic vision with tactical execution.
Ensuring security enhances—not inhibits—usability, scalability, and delivery velocity.
Translating business needs into actionable, risk‑aligned security requirements.
Stakeholder Management & Influence
Navigating competing priorities across business, IT, and security.
Influencing without authority and advocating for secure outcomes.
Communicating complex security concepts in a clear, accessible manner.
Architecture & Design Challenges
Moving from fragmented, reactive architecture to cohesive, enterprise‑aligned design.
Addressing legacy debt and historical inconsistencies.
Designing flexible architectures aligned with global frameworks.
Governance & Capability Development
Acting as a custodian of security architecture standards.
Escalating systemic capability gaps to drive enterprise uplift.
Maintaining strong security practices without introducing unnecessary complexity.
Decision‑Making & Delegated Authority
The SbD Security SME has authority to:
Determine implementation approaches for security requirements and components.
Make detailed design decisions related to control selection, configuration, and architecture alignment.
Recommend and apply tools, standards, and practices that enhance security integration.
Provide effort estimations and scope assessments for SbD activities.
Seniority level
Mid-Senior level
Employment type
Contract
Job function
Information Technology
Industries
IT Services and IT Consulting