Registered IRAP Assessor - ACT/NSW (Hybrid)
Overview
This is a contract role for an IRAP Assessor. The Client is seeking an experienced Lead Cyber Security Advisor to oversee and manage security requirements and documentation updates in preparation for an upcoming IRAP (Information Security Registered Assessors Program) assessment. This role is essential for ensuring compliance with the Australian Government Information Security Manual (ISM) and supporting secure service delivery across the BuyICT platform.
Responsibilities
* Deliver expert cyber security advice and guidance to the Sourcing Platforms team.
* Interpret the platform's current security controls against the updated ISM and SSPA controls (including the quarterly ISM updates published by ASD) and identify new controls required for compliance.
* Update and maintain key security documentation, including:
    * Security Risk Management Plan (SRMP)
    * System Security Plan (SSP)
    * System Security Plan Annex (SSPA)
    * Change Management Plan
    * Disaster Recovery and Business Continuity Plan
* Support platform security enhancements and recommend measures to mitigate risks, thereby strengthening the platform's security posture.
Qualifications & Experience
* Certified ASD IRAP Assessor with a minimum of five years' technical ICT experience, including at least two years focused on information security for systems governed by the ISM and related publications.
* Proficiency in implementing the Australian Cyber Security Centre's Essential Eight mitigation strategies.
* Demonstrated ability to identify, analyse, and resolve infrastructure vulnerabilities and application security issues.
Selection Criteria
The buyer has specified that each candidate must provide a response to each criterion. Each response is limited to 3000 characters.
1. Specialist advice level 5: Provides definitive and expert advice in their specialist area. Actively maintains recognised expert level knowledge in one or more identifiable specialisms. Oversees the provision of specialist advice by others. Consolidates expertise from multiple sources to provide coherent advice. Supports and promotes the development and sharing of specialist knowledge within the organisation. (40%)
2. Secure Operations Management level 4: Develops or operates security management procedures and processes without close supervision. Monitors the application of Security Operating Procedures without close supervision. (35%)
3. Policy and Standards level 4: Incorporates recent advances in Information Security into existing policies and standards without supervision; manages teams working on policies and standards, mentoring as appropriate. (25%)
Seniority & Employment
* Mid-Senior level
* Contract
Job function & Industries
* Job function: Sales and Management
* Industries: Research Services