Job Title: ICT Security Specialist
About the Role:
This is an exciting opportunity for a highly skilled and motivated ICT Security Specialist to join our team. As a subject matter expert, you will exercise sound decision making and judgement to provide expert policy advice on ICT security matters.
You will have in-depth knowledge of the ICT service delivery function and be responsible for the development, implementation, compliance and review of policies and procedures relevant to your work within that function area.
You will engage in very complex problem solving and issues management and may coordinate and perform detailed or sensitive projects that impact on strategic, political or operational outcomes for the agency.
Key Responsibilities:
1. Manage allocated resources, set work priorities and manage workflows to ensure accurate completion of work within timeframes and quality requirements.
2. Audit work for accuracy and completeness, share own expertise with others and guide and mentor less experienced employees.
3. Develop and implement strategies and evaluate business outcomes to ensure continuous improvement in the delivery of ICT security.
4. Conduct risk assessments, business impact analysis and assurance for information systems within the organisation.
5. Analyse security risks and business impacts and provide guidance on security strategies to manage identified risks.
6. Stay up to date with general security issues and apply this knowledge to IT security risk analysis.
7. Communicate complex risks to managers and other peers.
8. Engage with internal and external stakeholders from other technical specialties to share and develop ICT security policy.
9. Evaluate the adequacy and effectiveness of the Australian Signals Directorate's approach to risk in the use of ICT.
10. Assess and resolve identified security incidents in accordance with established procedures and recommend any required actions or policy amendments.
11. Interpret security policy and contribute to the development of standards and guidelines.
Requirements:
1. Certified as an Infosec Registered Assessors Program (IRAP) Assessor.
2. At least 3 years' experience as a security specialist working across security architecture, security and risk management, communication and network security or security operations domains.
3. Experience ensuring technical systems adhere to Essential Eight, ISM, and PSPF frameworks.
4. Excellent organisational and communication skills.
5. Proven record building, managing, and enhancing relationships with stakeholders.
6. Experience developing, managing, and implementing SOPs and procedures in support of security accreditation frameworks.
Desirable: Bachelor's degree in Information Technology or related field.
Essential Criteria:
1. SCAD 5 - Security operations: Level 5 (SFIA) Monitors the application and compliance of security operations procedures. Reviews actual or potential security breaches and vulnerabilities and ensures that they are promptly and thoroughly investigated. Recommends actions and appropriate control improvements. Ensures that security records are accurate and complete and that requests for support are dealt with according to agreed procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
2. SCTY 5 - Information security: Level 5 (SFIA) Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Develops new architectures that mitigate the risks posed by new technologies and business practices.
3. INAS 5 - Information assurance: Level 5 (SFIA) Interprets information assurance and security policies and applies these to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Plans, organises and conducts information assurance and accreditation of complex domain areas, cross-functional areas, and across the supply chain. Contributes to the development of policies, standards and guidelines.
Desirable criteria:
1. PBMG 4 - Problem management: Level 4 (SFIA) Initiates and monitors actions to investigate and resolve problems in systems, processes and services. Determines problem fixes and remedies. Collaborates with others to implement agreed remedies and preventative measures. Supports analysis of patterns and trends to improve problem management processes.
We are looking for candidates who possess strong written and verbal communication skills, a desire to be accountable for their actions, strong stakeholder management skills, leadership behaviours, a willingness to challenge traditional ways of doing business, the ability to thrive in dynamic environments and be comfortable with ambiguity, an outcome-focused mindset, adaptability, resilience, flexibility and teamwork. Please provide a brief explanation of your experience covering these attributes.