This is a long term contract opportunity to work within the CIO office of a large, Australian government department

The role is hybrid and can be based in Canberra or Brisbane

Job Description:

The Senior Security Specialist will be responsible for documenting the risks and security controls for current-state and target-state solutions that help to deliver an ambitious ICT transformation and modernisation agenda; a large program of work to replace several legacy systems and outdated infrastructure - across several project streams

Responsibilities:

• Conducting security architecture reviews for solutions within the scope of the program including the collection of high level security requirements, assessment of current state security architecture and proposing target state security architecture
• Development and/or review of the Statement of Applicability for solutions within the scope of the program. Determination as to whether controls (ISM and PSPF) are applicable to the assessment scope, assessment of the level of readiness and effectiveness of applicable controls and documenting comments and evidence for each control.
• Development and/or review of Security Risk Management Plans including the documentation of implemented security controls.
• Development and/or review of System Security Plans including the documentation of information security threats, vulnerabilities and risks.
• The development and/or review of technical security documentation to support procurement.
• Participation in procurement evaluation activities
• Undertake risk assessments of proposed designs and/or technology solutions
• Develop and actively manage key internal and external relationships
• Representing and explaining cyber security and architectural views in various forums.
• Liaising with vendors, ICT, and system integrators in relation to information security matters

Skills and Experience:

Essential:

• Minimum of years experience working as a Security Specialist inside complex and large scale ICT projects/programs
• Expert knowledge and experience in undertaking ICT security compliance and cyber security risk assessments - producing security documentation for both current state and target state
• Experience delivering information security solutions that meet business requirements & align with risk appetite and compliance obligations.
• Strong communication skills, with the ability to translate between business and technical terminology.
• Sound working knowledge of Federal Government security policy
• Must hold or be eligible to attain Negative Vetting 1

Desirable:

1. Relevant tertiary qualifications in Cyber Security, ICT or a related field.
2. Professional certifications in ICT security.
3. Demonstrated knowledge of Commonwealth frameworks, including ICT frameworks.
4. Previous experience with ASD Essential Eight and ASD ISM

Consultant: Colin Massey

Keywords: Senior Security Specialist, Security Consultant, ASD Essential Eight, ASD ISM, PSPF, federal government, NV1, security architecture reviews, security controls, readiness assessment, security risk assessment, security compliance