Our client is an IAF-accredited, ISO 27001 certified, and PCI QSA cybersecurity consulting firm with operations across Australia, New Zealand, and the Pacific. They deliver world-class cybersecurity services to government agencies, critical infrastructure operators, and enterprise clients across GRC, offensive security, managed security, and digital forensics.
As demand for IRAP assessment services grows across the Australian Government sector, they are expanding their team and looking for an experienced IRAP Assessor to help lead their government cyber advisory practice.
The Role
As an IRAP Assessor, you will conduct independent security assessments of government and critical infrastructure systems in line with the ACSC Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). You will work directly with federal government clients, helping them achieve and maintain IRAP authorisation — while also identifying new business opportunities within the government sector.
Key Responsibilities
* Conduct end-to-end IRAP assessments of government systems, cloud environments, and ICT infrastructure aligned to ACSC ISM requirements
* Prepare Security Assessment Reports (SARs), Statements of Applicability (SoA), and supporting documentation
* Advise clients on risk treatment, residual risk acceptance, and security control implementation
* Assess systems against ISM, PSPF, Essential Eight, and NIST frameworks
* Support clients through the ASD endorsement and Authority to Operate (ATO) process
* Identify and develop new opportunities within federal/state government and defence supply chain organisations
* Collaborate across GRC, DFIR, and managed security teams
* Stay current on evolving ACSC guidelines, policy changes, and emerging threats
Skills & Experience Required
* 5+ years in cybersecurity with hands-on IRAP assessment experience
* Active ASD-endorsed IRAP Assessor status — mandatory
* Current NV1 security clearance — mandatory
* Deep working knowledge of the ACSC ISM and PSPF
* Strong understanding of the Essential Eight maturity model
* Experience assessing cloud environments (AWS, Azure, M365) against ISM controls
* Ability to produce high-quality assessment documentation
* Strong communicator — comfortable presenting to technical teams and executives alike
Certifications (Highly Regarded)
* CISSP, CISM, or CISA
* GIAC certifications (GSLC, GCIH, or similar)
* Cloud security certs (AWS Security Specialty, AZ-500, or equivalent)
What Sets You Apart
* Existing relationships within the Australian Government, ASD, or Defence ecosystem
* Track record of identifying and converting new government opportunities
* Experience across classified and unclassified environments
* Ability to manage multiple concurrent assessments independently
Why Join
* High-profile government and critical infrastructure client exposure
* Genuine opportunity to shape and grow the government practice
* Competitive remuneration aligned to clearance level and experience
* Flexible, remote-friendly environment
* Career pathway into senior advisory and practice leadership roles