About the team
Our cleint is responsible for delivering robust ICT functions and capabilities, maintaining election-ready systems, and delivering an ambitious ICT transformation and modernisation agenda. The Branch who is seeking a Cyber security Specialist, leads and supports a range of department projects/programs including, but not limited to, the Modern Workplace Program, Cloud Technology Project, and the Election Systems Modernisation Program.
About the project
The programs a large-scale transformation program to modernise business capabilities and replace core election ICT systems with a citizen-centric, agile technology platform. The Program will transform the department ability to delivery electoral services and ensure ongoing integrity of the electoral system. This comprises a variety of work packages with a focus on business process re-engineering, data management, legislative compliance and replacing aging systems
Job details
The Cyber Security Specialist is expected to have a strong understanding of ICT security policy in government, and a background in large and complex projects is essential. The Security Specialist is responsible for undertaking technically complex work, under limited direction, utilising expertise in IT security analysis and compliance assessment. The Security Specialist will be responsible for documenting the risks and security controls for current-state and target-state solutions that help drive he modernisation agenda of the Department. This role will work closely with program architects, solution architect, business analysts, procurement specialists, system integrators, ICT, and vendors to shape and inform the direction of modernisation activities. The Security Specialist will be expected to develop a firm understanding of the Department risk appetite, as such the ability to identify, shape and describe opportunities and risks within the context of business outcomes and business problems will be essential. The Security Specialist will need to engage and communicate widely across the key stakeholders groups, including business, ICT, system integrators and vendors. As such, strong communication and stakeholder engagement skills are essential. We are looking for Security Specialists who have a desire to define and deliver real outcomes, are comfortable working with ambiguity and are not held hostage by methodology. We are looking for people who want to have an impact and contribute to a program that is making real change. We need people to contribute to our culture and who are committed to making the program a great place to work. We expect to challenge our recruits with new thinking and to be challenged ourselves. Success for this role will rely on the individual's ability to deliver in a fast paced and highly dynamic environment, a good cultural fit and an ability to challenge and drive thinking in new directions.
Key duties and responsibilities
Cyber Security Specialist will be responsible for, but not limited to:
* Conducting security architecture reviews for solutions within the scope of the program including the collection of high-level security requirements, assessment of current-state security architecture and proposing target-state security architecture.
* Development and/or review of the Statement of Applicability for solutions within the scope of the program. Determination as to whether controls (ISM and PSPF) are applicable to the assessment scope, assessment of the level of readiness and effectiveness of applicable controls and documenting comments and evidence for each control.
* Development and/or review of Security Risk Management Plans including the documentation of implemented security controls.
* Development and/or review of System Security Plans including the documentation of information security threats, vulnerabilities and risks.
* The development and/or review of technical security documentation to support procurement.
* Participation in procurement evaluation activities, which may include the conduct of light-weight information security risk assessments.
* Undertake risk assessments of proposed designs and/or technology solutions to ensure alignment with the Program architecture principles and standards.
* Provide analysis and judgement on complex issues and make significant contribution to the management, preparation and coordination of Program deliverables.
* Develop and actively manage key internal and external relationships, including collaborating with key stakeholders to identify opportunities, achieve outcomes and facilitate cooperation.In addition to representing and explaining cyber security and architectural views in various forums.
* Liaising with vendors, ICT, and system integrators in relation to information security matters to facilitate Program outcomes.
* Provide high quality and timely advice internally and externally, including guidance and reporting to Program leadership
* Communicate using professional judgement, evaluating risks and in the context of a complex and changing environment.
* Perform additional duties or assume responsibility of functions as directed by the Program management team from time to time.