Educational requirements: Bachelor
English requirements: Competent English
Required skilled employment experience: 3-5 years
Required residence status: Temporary visa, Permanent resident, Citizen
Remote work accepted: No
You will need to hold an appropriate formal qualification such as CRISC, CISSP, CISM, ISO 2700 Lead Auditor or similar and have 6 - 8 years' experience delivering professional IT services.
Key responsibilities:
Developing security governance and risk management strategies, frameworks, policies, standards and metrics to measure the overall maturity in alignment with business priorities and their strategic objectives.
Engage with clients, providing advice on areas such as cloud computing governance and risk, mobile device threats and management, third party security and identity management.
Undertake detailed risk assessments, including liaising with and reporting to senior business and IT and executive board level management.
Stay abreast of contemporary cybersecurity related threats and associated controls at the people, process, and technology levels.
Recommend, assess, and utilise best practice, industry standard and regulatory requirements for information security, such as those prescribed by 27001, the NIST Cybersecurity framework and the Australian Government Information Security Manual (ISM) as appropriate.
Assist on projects to provide Business Continuity and Disaster Recovery advisory services and develop organisation-wide plans and procedures to meet business requirements.
Work across multiple client engagements in your core areas of capability and identify further consulting opportunities both within Cyber and across Comunet’s capabilities.
Liaise with technical and solution vendors and partners on behalf of customers.
What we are looking for:
Comprehensive knowledge and experience consulting with the following frameworks: ISO 27001, NIST CSF, Essential 8, ISM, PSPF.
Develop management and user level cyber security policy and procedural documents as defined by these standards.
Experience in IT risk and information security management consulting.
Understanding of security and risk processes in the project lifecycle and systems development methodologies.
Experience in creating business continuity and disaster recovery strategies, plans and procedures to meet business requirements, including conducting business impact assessments.
Providing direction to a range of technical staff and vendors in the delivery of IT solutions to deliver business outcomes.
Successfully contributing to and participating in multidisciplinary project teams in order to achieve outcomes within time and cost limitations.
Demonstrated analytical, written and presentation skills applicable to preparing reports, submissions and briefings regarding strategic issues.
Delivering consulting projects within commercial budget and time constraints while aligning with group, company and team targets and objectives.
Integrity and professionalism and the ability to act independently in making decisions to achieve project outcomes.
Substantial experience in dealing with business and other stakeholders in providing security and risk advice across projects in a rapid solution design and development environment.
Experience providing senior consultancy services, working autonomously, leading and mentoring junior staff members, accountability of billable time.
Expected Experience and Expertise:
Excellent organisational and communication skills (verbal and written) required.
Experience working with Cyber Security Analysts.
Excellent business acumen.
Experience communicating with Boards, C-Suite, Business Owners and Managers.
Experience performing risk-based assessments on business information systems.
Understanding of application layer firewalls, networking concepts and enterprise SOC Tools.
Understanding of Microsoft Windows Active Directory environments.
Experience working on environments such as AWS, Office365, Azure, Exchange & SharePoint services, and Microsoft Teams.
Familiarity with security solutions like Firewalls, Anti-Virus, EDR, Anti-Spam/Email Filtering and Data Loss Prevention.