Qualifications and Experience | |
Qualifications | Essential: · Cyber Security Industry certifications (SANS, CISSP, CISM, OSCP, CEH) · Certified IRAP Assessor · Certified SAFe® Practitioner (mandatory for all COSPO personnel – can be completed upon engagement). Desirable: · Bachelor’s degree in relevant field (e.g., Computer Science, Information Systems, Cybersecurity) or equivalent +5 years industry experience. |
Experience | Essential: · Completed a full IRAP assessment for a Federal Government Agency · Significant experience conducting security assessments and risk management at an Enterprise scale. · Demonstrated security experience within complex ICT environments · Experience working within the Defence Environment · Demonstrated understanding of the Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM), and other Australian Government security guidance and advice Desirable: · Knowledge, experience of, and relationships within the technology industry · Delivery of technology to support regulatory decision-making processes. · Experience delivering to the Australian Government Digital Service Standard · Demonstrated experience in and understanding of information technology and/or cyber security. · Understanding of international security standards such as Security Technical Implementation Guides (STIG), Center for Internet Security (CIS) and NIST. |
Responsibilities | · Security threat and risk assessment identification and development of security accreditation with certification report. · IRAP Assessments of proposed ICT designs and solutions · Re-evaluate accreditation documents when accreditation timeframes lapse or a system/environment change requires a re-evaluation · Provide security advice relating to accreditation documents. This will be required and requested by the Commonwealth on an ad hoc basis as COSPO requires it. · Other Security Artefacts or COSPO policies as requested by the Commonwealth. · Stakeholder management and communication of security concepts to non-technical audiences both verbally and in writing. · Manage, develop and support complex relationships with stakeholders to achieve work area goals |
Security Clearance | · The ability to obtain and maintain an Australian Government Security Vetting Agency NV 1 security clearance. · Must be an Australian citizen. |
Capability Profile | |
Skills | Essential: · Excellent communication skills, both written and verbal · Ability to build and sustain productive and collaborative working relationships · Ability to work in a multi-disciplined team environment · Strong problem solving and conflict resolution skills · Pragmatic judgement in working with multiple authorities (ICTSB and COSPO) · Flexible and able to adapt to changing business needs · Stakeholder management in complex matrixed structures Desirable: · NIL |
Knowledge | Essential: · Completed a full IRAP assessment for a Federal Government Agency · Significant experience conducting security assessments and risk management at an Enterprise Level · Demonstrated security experience within complex ICT environments · Knowledge, experience of, and relationships within the technology industry. · Demonstrated understanding of the Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM), and other Australian Government security guidance and advice. Desirable: · Understanding of international security standards such as Security Technical Implementation Guides (STIG), Center for Internet Security (CIS) and NIST. |