Location: ACT, QLD, VIC, WA
LH-01721
Security Clearance: Australian Citizen must be able to obtain Positive Vetting
Job Description:
ICT Security Specialists will exercise a considerable degree of independence and perform a subject matter expert role. They will exercise sound decision making and judgement to provide expert policy advice. They will have in-depth knowledge of the ICT service delivery function and are responsible for the development, implementation, compliance and review of policies and procedures relevant to their work within that function area. They will engage in very complex problem solving and issues management and may coordinate and perform detailed or sensitive projects that impact on strategic, political or operational outcomes for the agency.
Job Duties and Responsibilities may include:
1. Accountable for managing allocated resources, setting work priorities and managing workflows to ensure accurate completion of work within timeframes and quality requirements.
2. Accountable for accurate completion of work within timeframes and quality requirements, sharing own expertise with others and guiding and mentoring less experienced employees.
3. Lead the development and implementation of strategies and the evaluation of business outcomes to ensure continuous improvement in the delivery of ICT security.
4. Deliver risk assessments, business impact analysis and assurance for information systems within the organisation.
5. Analyse security risks and business impacts and provide guidance on security strategies to manage identified risks.
6. Maintain knowledge, skills and experience of general security issues and apply to IT security risk analysis.
7. Communicate risks of a complex nature to managers and other peers.
8. Engage with internal and external stakeholders from other technical specialties to share and develop ICT security policy.
9. Identify areas of risk and evaluate the adequacy and effectiveness of the Australian Signals Directorate's approach to risk in the use of ICT.
10. Assess and resolve identified security incidents in accordance with established procedures and recommend any required actions or policy amendments.
11. Interpret security policy and contribute to the development of standards and guidelines.
Technical Skills:
1. Certified as an Infosec Registered Assessors Program (IRAP) Assessor.
2. At least 3 years' experience as a security specialist working across security architecture, security and risk management, communication and network security or security operations domains.
3. Experience ensuring technical systems adhere to Essential Eight, ISM, and PSPF frameworks.
4. Excellent organisational and communication skills.
5. Proven record building, managing, and enhancing relationships with stakeholders.
6. Experience developing, managing, and implementing SOPs and procedures in support of security accreditation frameworks.
Desirable: Bachelor's degree in Information Technology or related field.
Essential Criteria:
1. SCAD 5 - Security operations: Level 5 (SFIA) Monitors the application and compliance of security operations procedures. Reviews actual or potential security breaches and vulnerabilities and ensures that they are promptly and thoroughly investigated. Recommends actions and appropriate control improvements. Ensures that security records are accurate and complete and that requests for support are dealt with according to agreed procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
2. SCTY 5 - Information security: Level 5 (SFIA) Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Develops new architectures that mitigate the risks posed by new technologies and business practices.
3. INAS 5 - Information assurance: Level 5 (SFIA) Interprets information assurance and security policies and applies these to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Plans, organises and conducts information assurance and accreditation of complex domains areas, cross-functional areas, and across the supply chain. Contributes to the development of policies, standards and guidelines.
Desirable criteria:
1. PBMG 4 - Problem management: Level 4 (SFIA) Initiates and monitors actions to investigate and resolve problems in systems, processes and services. Determines problem fixes and remedies. Collaborates with others to implement agreed remedies and preventative measures. Supports analysis of patterns and trends to improve problem management processes.
Our ideal candidates will bring the following attributes:
• Strong written and verbal communication skills;
• Desire to be accountable for their actions;
• Strong stakeholder management skills;
• Demonstrate leadership behaviours;
• Willing to challenge the traditional ways of doing business;
• Thrive in dynamic environments and comfortable with ambiguity;
• Outcome-focused mindset; and
• Adaptability, resilience, flexibility and teamwork, including regionally dispersed teams, if applicable. Please provide a brief explanation of your experience covering these attributes. (Guide – 300 to 400 words.)
#J-18808-Ljbffr