Client Description
Australian Federal Government Agency - ACT and NSW locations
Role Description
This is a contract role for an IRAP Assessor. The Client is seeking an experienced Lead Cyber Security Advisor to oversee and manage security requirements and documentation updates in preparation for an upcoming IRAP (Information Security Registered Assessors Program) assessment. This role is essential for ensuring compliance with the Australian Government Information Security Manual (ISM) and supporting secure service delivery across the BuyICT platform. The appointed specialist will work closely with the team to provide expert guidance, ensure security controls remain current, and identify any new controls required to maintain compliance.
* Deliver expert cyber security advice and guidance to the Sourcing Platforms team.
* Interpret the platform's current security controls against the updated ISM and SSPA controls (including the quarterly ISM updates published by ASD) and identify any new controls required for compliance.
* Update and maintain key security documentation, including:
o Security Risk Management Plan (SRMP)
o System Security Plan (SSP)
o System Security Plan Annex (SSPA)
o Continuous Monitoring Plan
o Change Management Plan
o Disaster Recovery and Business Continuity Plan
o Incident Response Plan
* Support platform security enhancements and recommend measures to mitigate risks, thereby strengthening the platform's security posture.
Qualifications & Experience
* Certified ASD IRAP Assessor and a minimum of five years' technical ICT experience with at least two years dedicated to information security for systems governed by the ISM and related publications.
* Proficiency in implementing the Australian Cyber Security Centre's Essential Eight mitigation strategies.
* Demonstrated ability to identify, analyse, and resolve infrastructure vulnerabilities and application security issues.
Selection Criteria
The buyer has specified that each candidate must provide a response to each criterion. Each response is limited to 3000 characters.
Essential criteria
1. Specialist advice, level 5 (40%): Provides definitive and expert advice in their specialist area. Actively maintains recognised expert-level knowledge in one or more identifiable specialisms. Oversees the provision of specialist advice by others. Consolidates expertise from multiple sources, including third-party experts, to provide coherent advice to further organisational objectives. Supports and promotes the development and sharing of specialist knowledge within the organisation.
2. Secure Operations Management, level 4 (35%): Develops or operates security management procedures and processes without close supervision. Monitors the application of Security Operating Procedures without close supervision.
3. Policy and Standards, level 4 (25%): Incorporates recent advances in Information Security into existing policies and standards without supervision; manages teams working on policies and standards, mentoring as appropriate.