Must have a minimum of NV2.
Position: Security Certification and Accreditation Lead Specialist
SFIA Level – SCTY Level 5
The Security Certification and Accreditation Lead Specialist will be required to perform and/or have responsibility and duties including, but not limited to:
Primary WSO PoC for ICTSB liaison
Producing the core security documentation for the ongoing certification and accreditation required by the WSO, in support of all certification and accreditation requirements.
Assessment and selection of monitoring solutions, to deliver continuous monitoring, live monitoring and ongoing assurance of compliance security checks against relevant doctrine and standards (for example, current ISM requirements).
Providing advice and consultation in the development and ongoing operation of the WSO DevSecOps.
Providing security-focused advice and guidance to the WSO in support of mandatory system review activities of all WSO networks.
Contributing, managing and maintaining security artefacts and documentation directly impacting WSO environments, including, but not limited to:
o Security Management Plan (SMP)
o System Security Plan (SSP)
o Cyber Security Incident Response Plan (CSIRP)
o Statement of Applicability (SOA)
o Penetration Testing Plan
o Continuous Monitoring Plan (CMP)
o Key Management Plan (KMP)
Required Skills and Experience:
A minimum of 10 years of experience in security systems assessments or a related field.
Must hold at least one of the following: CISA, CRISC, GSNA, ISO 27001 Lead Auditor or PCI QSA certification.
Must hold at least one of the following: CISM, CISSP or GSLC certification.
Demonstrated understanding of NIST SP-37 Rev.2
Demonstrated understanding of NIST SP-137
Desirable Skills and Experience:
Experience undertaking security assessments in a Commonwealth Government context.
Demonstrated understanding of the Protective Security Policy Framework (PSPF).
Demonstrated understanding of the Australian Government Information Security Manual (ISM).
Demonstrated security experience within complex ICT environments.
ASD certified IRAP assessor
Experience working with Cross Domain Solutions, Gateways, and Cloud.
Demonstrated understanding of Defence Security Principles Framework.