About us:

Securus Consulting Group, founded in 2020 and headquartered in Canberra, is a 100% Australian-owned consultancy specialising in cyber security, technical assurance, and governance, risk and compliance (GRC) solutions. We partner with government, defence, national security, and critical infrastructure clients to deliver mission-critical capabilities. Our five service pillars—Digital Solutions, Securus Labs, Cyber Assurance, Cyber Supply Chain Risk Management, and Managed ICT Services—provide end-to-end support, from high-assurance product evaluations and risk assessments to GRC platform design, implementation, and sustainment. Leveraging deep defence and industry expertise, we protect and enable secure operations while aligning with our clients' strategic objectives

Location: Canberra

Security clearance: Australian citizenship and a minimum NV1 clearance

Role overview:

We are supporting Defence with undertaking Cyber Security assessments, validation of controls and remediation for classified systems. The role requires experience with defence security frameworks, and previous experience in conducting security assessments, and security documentation such as SSP and SRMP, and supporting complex Defence Authority to Operate approvals.

We are ideally looking for a permanent employee for this role, with an attractive salary package on offer.

In this role, you will:

· Assess and evaluate the effectiveness of security controls across systems and their operating environments.

· Produce comprehensive assessment reports outlining scope, risks, strengths/weaknesses, threats/vulnerabilities, and recommended remediation actions.

· Provide cyber security advice and guidance to stakeholders through meetings and workshops.

· Support Directorate reporting, briefings, and compliance with Defence, DCIAB, and CSAA principles.

· Assist in achieving Authority to Operate (ATO) requirements for assessed systems.

To be successful, you will have demonstrated experience in:

· Defence or Federal Government GRC roles

· ICT system assessment and authorisation review and approvals.

· Minimum of 3 years' experience in ICT system assessment and authorisation is required

· Strong working knowledge of Australian cybersecurity frameworks and policies, including:

ASD ISM

DSPF

PSPF

Essential 8 Maturity Model

NIST SP 800

Preferred applicants will hold industry certifications such as:

· CISSP (Certified Information Systems Security Professional)

· CRISC (Certified in Risk and Information Systems Control)

· CISM (Certified Information Security Manager)