Job Summary:
We seek an experienced Information Security Specialist to support the secure handling of sensitive and regulated information through a focus on data and other security controls.
The successful candidate will be responsible for managing Data Loss Prevention (DLP) solutions, monitoring alerts, and investigating data movement anomalies and policy violations. Key responsibilities include operating and maintaining DLP solutions across endpoints, cloud services, and email platforms, as well as tuning and optimizing detection rules to minimize false positives and ensure alignment with business workflows.
Key Responsibilities:
* Operate and maintain DLP solutions to protect against data breaches and unauthorized disclosures
* Monitor alerts and investigate data movement anomalies and policy violations
* Tune and optimize detection rules to minimize false positives and ensure alignment with business workflows
* Manage third-party relationships and develop policies and procedures to mitigate risk
* Investigate suspected data exfiltration incidents or unauthorized disclosures
* Collaborate with relevant teams to manage insider risk and support disciplinary or legal processes as required
* Assist in root cause analysis and remediation planning
* Ensure controls align with regulatory requirements and industry frameworks
* Support audit and assurance activities by providing documentation and evidence of control effectiveness
* Maintain records of control operations and system configurations
* Work with data owners and business units to ensure control rules reflect information classification and data handling policies
* Support uplift against APRA CPS 234 and ISO/IEC 27001 frameworks
* Develop reporting metrics on DLP activity, incidents, and compliance gaps
* Recommend and implement control improvements based on incident trends or emerging risks
* Assist in developing user education initiatives related to secure data handling
Required Skills and Qualifications:
* Minimum 3-4 years of experience in information security, cyber operations, or compliance
* Strong understanding of data classification models and secure information handling procedures
* Experience responding to or managing data breach or insider threat investigations
* Familiarity with APRA CPS 234, ISO 27001, or NIST frameworks
* Knowledge of Australian data privacy legislation, including the Privacy Act and NDB requirements
* Experience working in regulated industries such as government, health, or financial services
Benefits:
* Competitive salary and benefits package
* Opportunities for professional growth and development
* Collaborative and dynamic work environment
About You:
* Passionate about information security and cybersecurity
* Strong analytical and problem-solving skills
* Excellent communication and interpersonal skills