Our client is a Canberra based Fed Gov Agency.
Based in Canberra and requiring NV1 clearance, the Cyber Security Governance, Risk and Compliance Assurance Specialist will provide guidance on the application of security controls, performing security risk and business impact analysis and identifying risks.
The ideal candidate will have a strong technical background and relevant risk assessment qualifications such as CISSP or CCSP and a deep understanding of cyber threats facing Government.
Key Responsibilities will include:
* Conduct comprehensive risk assessments across IT systems, applications, and third-party vendors.
* Evaluate and monitor compliance with Australian Government requirements such as the PSPF, ISM, and Essential Eight, and apply additional oversights from international frameworks such as ISO 27001, NIST, and GDPR.
* Develop and maintain cybersecurity policies, standards, and procedures.
* Perform gap analyses and recommend remediation strategies.
* Collaborate with internal stakeholders to ensure alignment with security governance objectives.
* Support audits and certification processes (e.g., IRAP assessments).
* Monitor and report on the effectiveness of security controls.
* Stay current with emerging threats, technologies, and regulatory changes.
* Prepare comprehensive reports for business and senior executive, translating complex technical findings into clear, actionable treatments and recommendations.
Essential criteria:
1. Demonstrated experience in authoring ICT system authorisation documentation including but not limited to: Security Risk Management Plans (SRMPs), System Security Plans (SSPs), and Standard Operating Procedures (SOPs).
2. Experience in technical ICT areas such as system administration, software development, and cloud computing.
3. In-depth knowledge of Australian Government cyber security standards, such as the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).
4. Familiarity with one or more: AWS, Azure, Kubernetes, Identity and Access Management.
5. Minimum current active NV1 security clearance.
Desirable criteria
1. Knowledge of emerging threats and international frameworks such as NIST, GDPR, and/or PCI DSS.
2. Ability to communicate complex information to both technical and non-technical stakeholders.
3. Understanding of data protection, privacy legislation, and compliance requirements.
This role will be an initial 12 months contract to start around 20th October
Role will close on 24 September
Please email your application to Silvia at Balance Recruitment