**The Cyber Security and Design team works closely with solution architects and project Risk staff to manage risk, design and implement the security aspects of ICT solutions for the QPS. This includes activities such as:
* Management of the Information Security Management System (ISMS)
* Risk & Vulnerability Management
* Security solution design, build and implementation
* Security advice and guidance
* Threat risk assessments
* Facilitation of penetration testing
* Tier 3 problem resolution support.
The Principal Information Security Specialist (Risk) will play a pivotal role in developing and implementing frameworks, policies and procedures aligned with Queensland Government and best practices. This role will engage with various stakeholder including audit compliance and risk committees.
Your key accountabilities
The core capability requirements for this role are:
* Provide expert strategic, tactical and operational advice which ensures the confidentiality, integrity, availability, accountability and compliance of all QPS information assets which complies with IS18.
* Provide input and assistance to, and monitor new projects and system implementations, including strategic and operational plans for security and associated infrastructure within QPS systems and services, ensuring compliance with relevant governance and legislation.
* Participate in designing, capacity planning, configuration management, administration, change management, documentation and support of security technologies within QPS.
* Provide technical leadership and mentoring to a team of information security and access specialists to monitor, investigate, contain, eradicate, recover, document and report on security events/incidents/vulnerabilities.
* Critically assess existing IT policies, standards and procedures and develop new policies, standards and procedures as required.
* Conduct forensic investigations, risk and vulnerability assessments and develop reports on findings, providing both strategic and tactical advice including working with key stakeholders to make recommendations on remediation and mitigation of future risks.
* Maintain, update and continually expand knowledge of developments and trends within the network and information security industry and evaluate the benefit and applicability to QPS systems.
Role Requirements
Qualification
* Tertiary qualifications in Computer Science or equivalent and/or Information Security industry certifications such as GIAC (GSE, GDSA), CISSP, SABSA, TOGAF, CEH, OSCP, CCSP, CISM, Cloud Architecture Certification (AWS, Azure) and security vendor specific certifications.
Technical/ Operational/ Educational experience
* 5+ years of demonstrated experience in managing governance, compliance and risk.
* Demonstrated experience in assessing risk and utilising security control frameworks such as the ASD ISM, NIST, PSPF, Essential8 and ISO27000 series of security management standards.
* Demonstrated experience in conducting SMS implementation and audit management.
* Demonstrated experience in the development and management of information security policies, standards and procedures.
* Experience in conducting vendor risk assessments against agency security requirements.
Other
* Strong verbal and written communication skills.
Applications to remain current for 12 months.This work is licensed under a Creative Commons Attribution 3.0 Australia License.**