ICT Security Specialists – Assessor (Multiple)
13th October, 2022

Must hold an NV1 clearance

 

ICT Security Specialists (Assessors) are required to undertake complex technical assessment activities in information and cyber security. Activities will include undertaking system analysis and drawing accurate conclusions based on evidence, and providing detailed technical, operational, professional and procedural advice in relation to complex information and cyber security activities. These may include software development, system administration, incident response, cyber forensics, specialist electronics and engineering, mathematics and vulnerability analysis and research.

 

The specialists will have considerable stakeholder engagement skills and will be required to identify stakeholders’ expectations and concerns to develop a clear understanding of the methodology and practices to achieve outcomes.

 

Skills & Knowledge (desired)

o Certified Infosec Registered Assessors Program (IRAP) Assessor.

o Experience in identifying and applying security controls to large scale, complex ICT systems.

o Experience in designing complex information communication systems.

 

Major Responsibilities

 

o Liaise with multiple projects and capability stakeholders to assist in design and documentation of ICT system security controls.

o Define scope of the assessment, assess the security controls and produce security assessment reports in accordance with ISM and PSPF standards.

o Develop assessment briefs and presentations for senior decision makers to support capability’s authorisation to operate.

o Contribute to enhancement of ICT security policy and documentation, and implement practices, technologies and governance.

o Role will require some travel and may require some role-specific interstate travel.

 

Essential criteria

 
2. Demonstrated security experience within complex ICT environments including:
   a. completed a full IRAP assessment for a Federal Government Agency, and
   b. possess significant experience of security assessment and risk management at an Enterprise scale.
3. Demonstrated understanding of the Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM), and other Australian Government security guidance and advice.
 
Desirable criteria
 
1. Current knowledge, experience of, and relationships within the ICT technology industry.