Educational requirements: Bachelor
English requirements: Competent English
Required skilled employment experience: 1-3 years
Required residence status: Temporary visa, Permanent resident, Citizen
Remote work accepted: No
What we will expect you to do:
Define, develop, and implement IT Security policies and operational practices for your region, working collaboratively with our wider Information and Cyber Security team to ensure fit for purpose standards, operational disciplines, and controls to minimise risk.
Audit, review, and report on IT Security related assessments of current and prospective platforms or suppliers, assessing levels of risk relating to our products, cloud, and support services.
Identify & report key security risks and mitigating controls, producing high-quality documentation to articulate and report those risks along with proposed solutions in appropriate risk forums.
Demonstrate a good understanding of the Essential Eight Maturity Model
Responsible for the management of compliance through communication of IT Security & Cyber Awareness training, periodic testing, with reviews on the effectiveness of training material where appropriate.
Ensure information security, resiliency and data privacy risk assessments are effectively undertaken, providing a healthy culture and good practice towards our data security.
Ensure third parties, suppliers and partners have the same effective policies and controls in place, with security by design at the forefront to protect the confidentiality, integrity, and availability of business data.
Supporting the business with tender responses, business development opportunities, ad-hoc client & third-party due diligence, and pre-qualification questionnaires.
A strong track record in negotiating and managing internal and external stakeholders and third parties, using every contact with internal customers to build sustainable relationships, with an ability to clearly communicate our security posture.
An ambassador of our IT Security culture creating thought-provoking communications that resonate with different and diverse audiences, with the ability to clearly communicate security risks and mitigations.
We’re looking for someone with:
Previous career experience working in Information Security
Appropriate qualifications in information systems, security, and compliance
Broad transferable expertise in important technology and security frameworks, controls & standards
Experience with Disaster Recovery plans, processes and practical tests/execution and security implications
Experience defining and working with others to execute a security strategy within an organisation
A solid awareness of technology principles & capabilities that support and underpin cyber and information security.
We’d also be interested in hearing if you have the following desirable qualities:
Existing Security clearances for Australia
Experience working with government clients
Awareness of Cyber Essentials Plus, NIST CSF, CIS Controls (v8), CMMC v1
Accreditations in one or more of ITIL, CISSP, CISA or CISM
An understanding of ISO frameworks and deliverables to support gap analysis and provide recommendations for the attainment and retention of ISO standards, e.g. ISO27001.