$120,303 - $135,701 (EL 1) + BDCP + Super
The Assistant Director GRC plays a critical role within the Cyber Engineering team, supporting DDG to deliver secure ICT systems aligned with cyber security standards.
Responsibilities
Provide expert assessment and advice on cyber security risk management, compliance, and assurance activities across complex ICT environments, including hybrid cloud platforms.
Lead and deliver technical risk assessments, business impact analyses, and security assurance of DDG technologies to manage alignment with the ASD's Information Security Manual (ISM) and Blueprint for Secure Cloud, PSPF and Defence security policies.
Identify, document, and manage cyber security controls and risks to manage the confidentiality, integrity, and availability of information and systems.
Interpret and apply security policy to develop and maintain ICT authorisation documentation and artefacts required for Authority to Operate (ATO).
Evaluate the adequacy and effectiveness of security controls and recommend improvements to mitigate identified risks.
Develop and execute security test plans to verify control effectiveness.
This role is eligible for an additional remuneration benefit known in Defence as a Building Defence Capability Payment (BDCP).
This enables Defence to provide a premium, in addition to the base salary otherwise payable under the Defence Enterprise Collective Agreement (DECA), for positions in occupational disciplines/classifications that are critical to Defence capability.
For further information, please contact the contact officer.
About our Team
You will be part of a team of ICT professionals delivering complex projects across key Digital domains in both the Military and Enterprise Systems Divisions within Defence Digital Group (DDG).
These roles will provide technical expertise, mentorship and coaching in a matrixed construct, as teams and individuals are embedded into projects as needed.
As a Digital Engineer in DDG you may either:
Lead a team of ICT professionals experienced in key technology platforms/products, or work individually on projects as the technical engineering SME.
We commit to providing additional professionalisation for the right candidates so you can continue to grow and develop your career.
Ideal Candidate
Our ideal candidate will:
Have proficiency as a Cyber Security Governance Risk and Compliance practitioner with demonstrable experience providing cyber security risk assessment services using cyber security governance, risk management, and compliance frameworks.
Have strong technical skills and confidence in interpreting system architecture designs and diagrams to effectively identify and translate cyber security controls and risk posture.
Demonstrate experience in developing and managing security documentation for system authorisation.
Demonstrate leadership experience with multi-disciplinary teams, and a strong ability to drive effective collaboration across an organisation.
Be a pragmatic self-starter with a proven ability to manage competing priorities to a high standard of accuracy within allocated timeframes.
Demonstrate ability to interpret and apply security policies in complex ICT environments.
Have excellent communication and stakeholder engagement skills, with the ability to convey technical concepts to non-technical audiences.
Have knowledge of cloud Well-Architected Frameworks and cloud security principles applicable to Federal Government security requirements.
Application Closing Date: Sunday 21 December ****