**Sydney**
**IT & Telecomms**
IT Security
- Deep knowledge of cybersecurity and protection technologies
- Strong Knowledge of ISO27001/2, NIST CSF, CIS standards.
- Strong understanding of Cloud Security and IAM
The individual must possess a working knowledge of current and developing security threats, strong understanding of risk management in a cloud led environment. Also need a strong foundational understanding of infrastructure security, Software delivery life cycle and developing cyber security policies.
They will work closely with management, other team members, and operation teams to ensure data protection for systems.
It is expected that this role will focus 50% effort on risk management responsibilities and remaining 50% on information security policy development and architecture development.
**Working as an Information Security Specialist, the role will**:
- Perform Security Risk Assessments (SRA)
- Security Architecture development and review
- Cyber Security Policy development review and update
- Certify new network platforms (projects) to be compliant with the set of regulatory/mandated security obligations
- Advise projects on the optimal course of remediation by analysing the results of the penetration test, source code assessment and the vulnerability scan.
- Provide guidance on the issue remediation
- Raise security exception requests if required
- Consulting on Security Requirement and Compliance for Networks
- Advising on Security Design for Networks solutions
**The individual must possess**:
- Deep knowledge of cybersecurity and protection technologies
- Strong Knowledge of ISO27001/2, NIST CSF, CIS standards.
- Strong understanding of Cloud Security
- Having delivered key security programs
- Working knowledge of current and emerging security
- Strong understanding of Identity and Access Management
- In depth knowledge of risks assessment process;
- Ability to understand the penetration test reports, vulnerability scan reports (Nessus) and source code assessment reports (HP Fortify);
- Strong research and recommendation skills
- Good skills in preparing and presenting management reports
- Experience in a telecommunication or cloud environment is preferred
**Key Result Areas Required Outputs/ KPIs Measurement Method**
**Privacy Compliance and development**:
- Identify cyber security risks and recommend appropriate controls and initiatives across many projects.
- Contribute to the development of sustainable and repeatable security-by-design program,
- Review policies and procedures relating to security, privacy, and data protection.
- Support incident management framework and recommend appropriate controls to contain (and mitigate) potential technical vulnerabilities. - Act as principal privacy champion demonstrating adherence to internal policies and procedures.
Policy deviations
- Review the security policies, procedures and standards
- Identify and communicate security non-compliances and vulnerabilities that could impact business operations.
- Assess, document and communicate risks in context with business operations.
- Develop and communicate remediation plans capable of reducing risk to the organization.
- Assist business owners with prioritizing risks and consulting users on adequate compensating controls to reduce risks. - The policy deviations are documented as per standard
- The SLAs are tracked and followed
Control Compliance - Evaluate security controls and ensure they are effective in mitigating risks
- Work with leaders to establish/fine tune controls and process.