Position: Cyber Security Manager
Classification: Executive Level 1
Location: Canberra ACT
Job Reference: #162_12/24
Group: Business & Technology Group
Unit: Cyber Security & Assurance Unit
Salary $115,126 - $128,425 plus 15.4% superannuation
Ongoing | Non-ongoing (for up to 18 months with possibility of extension)
Engagement Type:
Full-time
Advertised: Commonwealth Gazette (Monday, 9 December 2024)
Closing Date: 11:30pm, Sunday, 12 January 2025
More information: Visit our Careers Page and the AIHW Enterprise Agreement
A merit pool may be established from this recruitment exercise and used to fill similar positions within the Institute
over the coming 18 months.
About the AIHW
The Australian Institute of Health and Welfare (AIHW) provides reliable, regular, and relevant information and
statistics on Australia's health and welfare.
We are committed to providing high quality, national data and analysis across the health, housing and
community services sectors. This covers a wide range of areas, from health and welfare expenditure,
hospitals, disease, and injury, disability, and mental health, to ageing, disadvantaged and vulnerable
populations, homelessness, and Indigenous health and welfare.
The AIHW Difference
The AIHW's APS employee census results attest to our positive and supportive workplace culture. We are an
inclusive, flexible, and productive workplace where people are treated with respect and courtesy, and diverse
and unique attributes are recognised and valued. Our results also show that we achieved top ten rankings in
staff engagement, communication, and wellbeing scales out of 104 APS agencies.
We offer a range of benefits including:
- access to flexible working arrangements to support your work/life balance
- attractive remuneration packages including generous superannuation and leave provisions
- challenging and fulfilling work where you can use your skills and expertise
- opportunities for professional development including study assistance
Nations people(s), people with disability, LGBTIQA+, neurodiverse people and people from diverse cultural
and linguistic backgrounds.
The AIHW has offices in Canberra and Sydney and offers remote work opportunities for many roles.
For more information, visit the Benefits of working for the AIHW page of our website.
Position Summary
The Business and Technology Group fosters the enhancement of the AIHW's business through the provision
of resources, advice and assistance. The Group consists of six Units; Finance & Commercial Services, People
& Facilities, Chief Technology Office, Cyber Security & Assurance, IT Operations & Platforms and IT Business
Development & Delivery.
The Cyber Security and Assurance ensures that our ICT services enable the AIHW to securely execute its
mission - protecting our data, enabling trust.
We have broad security remit covering all the ACSC cyber security principles (Govern, Identify, Protect, Detect
and Respond). We manage IT security risk, ensure required security controls effective and monitor for
security alerts and vulnerabilities.
The IT Security Unit is looking for an IT Security Senior Analyst who will work in a small team.
Under general direction you will:
- lead the development and continual improvement of cyber security Governance, Risk and Compliance
practices
- work with project teams and solution architects to ensure security requirements are built into new
projects and support the development of practical security documentation
- lead and/or perform security assessments, security audits and other reviews
- lead and/or perform threat modelling, risk assessments and other risk management activities
- work across teams to develop, implement and maintain IT security policy
- provide leadership and mentoring to junior staff.
Secondary duties are to support the other functions of the team and include:
- contributing to an on-going cyber security awareness program
- working with the broader ICT Group to continuously improve security controls in line with the
Essential 8, the Information Security Manual (ISM) and cyber security best practice
- performing general security operations, including alert monitoring, vulnerability management and
investigating security incidents.
Selection Criteria
1. 5 years or more demonstrated experience working in a cyber security role, with in-depth knowledge
of whole of government security frameworks (i.e., ISM, PSPF).
2. Proven experience conducting cyber security Governance, Risk and Compliance activities, including
the development of security documentation, performing security assessments (including essential 8),
threat modelling, risk assessments and other risk management activities.
3. Demonstrated experience working with stakeholders to implement and adopt new security policies.
complex problems.
5. Strong communication skills including the ability to collaborate with a range of internal and external
stakeholders.
6. Experi