Candidates must be able to obtain and maintain an Australian Government Security Vetting Agency NV1 security clearance (must be an Australian citizen).

Qualifications

Essential:

• Degree qualification in Information Technology, Computer Science, or related field or relevant industry experience in Engineering or Information Technology that is transferrable to the security domain

Desirable:

• Information Security Registered Assessors Program (IRAP) certification or equivalent experience
• CISSP, CISM or ISO27001:2013 Lead Auditor

Experience

Essential

• Demonstrated knowledge in conducting security assurance activities against ISM or related information security policy frameworks
• The preparation of security artefacts (Security Risk Management Plan (SRMP), Statement of Applicability (SOA), System Security Plan (SSP), System Overview Document (SOD), Standard Operating Procedures (SOPs) and Incident Response Plan (IRP)
• Ability to work under limited supervision to achieve assurance outcomes
• Well-developed analytical and conceptual skills

Desirable

• Australian government and/or Defence experience
• Experience in planning, analysis, development and maintenance of security plans, pre-certification or interim authority to operate deliverables
• Experience in delivering security assurance services within agile-based projects
• Experience and knowledge of contemporary technologies
• Experience in delivery of cyber security services at the solution engineering level to projects and programs of work
• Strong executive briefing skills
• Experience of conducting threat modelling
• Experience working within enterprise technology delivery teams
• Experience in delivery of cyber security advisory services at the solution engineering level to projects and programs of work