As a member of our Cyber assessment team, you will play a crucial role in reviewing systems architecture and assessing the design and implementation effectiveness of security controls. You will undertake complex technical assessment activities in information and cyber security, drawing accurate conclusions based on evidence and providing detailed technical, operational, professional and procedural advice.
You will work within a framework of legislation, established industry principles, work practices and procedures to ensure that ASD's mission and business objectives are met. This may involve representing the Trust & Assurance branch to Defence & Other Government Organisations' security stakeholders to ensure the TS ICT Authorisation Framework is applied in a consistent and coordinated manner.
You will be responsible for liaising with multiple projects and capability stakeholders to assist in the design and documentation of ICT system security controls, identifying relevant stakeholders' expectations and concerns to develop a clear understanding of the methodology and practices to achieve outcomes.
Your key duties and responsibilities will include:
* Undertaking complex technical assessment activities in information and cyber security
* Undertaking objective systematic analysis and drawing accurate conclusions based on evidence, providing detailed technical, operational, professional and procedural advice in relation to complex information and cyber security activities
* Working within a framework of legislation, established industry principles, work practices and procedures in accordance with ASD's mission and business objectives
* Representing ASD Trust & Assurance branch to Defence & Other Government Organisations' security stakeholders to ensure the TS ICT Authorisation Framework is applied in a consistent and coordinated fashion
* Liaising with multiple projects and capability stakeholders to assist in design and documentation of ICT system security controls
* Defining scope of the assessment, assessing the security controls and producing security assessment reports in accordance with ISM and PSPF standards
* Developing assessment briefs and presentations for senior decision makers to support a capability's authorisation to operate
* Contributing to enhancement of ICT security policy and documentation, and implementing practices, technologies and governance
The ideal candidate will have:
* IRAP certification
* At least 2 years' experience as a security specialist working across security architecture, security and risk management, communication and network security or security operations domains
* Experience ensuring technical systems adhere to Essential Eight, ISM, and PSPF frameworks
* Proven ability to communicate complex technical systems to non-technical audiences
* Excellent organisational and communication skills
* Proven record building, managing, and enhancing relationships with stakeholders
* Experience developing, managing, and implementing SOPs and procedures in support of security accreditation frameworks
* SCTY 5: Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards
* INAS 5: Interprets information assurance and security policies and applies these in order to manage risks
* BURM 5: Plans and implements complex and substantial risk management activities within a specific function, technical area, project or programme
* PRGM 5: Takes full responsibility for the definition, approach, facilitation and satisfactory completion of medium-scale projects