Security Certification and Compliance
13th September, 2023

Must have a minimum of NV2.


Position: Security Certification and Accreditation Lead Specialist
SFIA Level – SCTY Level 5

The Security Certification and Accreditation Lead Specialist will be required to perform and/or have responsibility and duties including, but not limited to:

• Primary WSO PoC for ICTSB liaison.

• Producing the core security documentation that supports the ongoing certification and accreditation required by the WSO.

• Assessment and selection of monitoring solutions to deliver continuous monitoring, live monitoring and ongoing assurance of compliance security checks against relevant doctrine and standards (for example, current ISM requirements).

• Providing advice and consultation in the development and ongoing operation of the WSO DevSecOps.

• Providing security-focused advice and guidance to the WSO in support of mandatory system review activities of all WSO networks.

• Contributing to, managing and maintaining security artefacts and documentation directly impacting WSO environments, including, but not limited to:

  o Security Management Plan (SMP)
  o System Security Plan (SSP)
  o Cyber Security Incident Response Plan (CSIRP)
  o Statement of Applicability (SOA)
  o Penetration Testing Plan
  o Continuous Monitoring Plan (CMP)

• Key Management Plan (KMP)

Required Skills and Experience:

• A minimum of 10 years of experience in security systems assessments or a related field.

• Must hold at least one of the following: CISA, CRISC, GSNA, ISO 27001 Lead Auditor or PCI QSA certification.

• Must hold at least one of the following: CISM, CISSP or GSLC certification.

• Demonstrated understanding of NIST SP-37 Rev. 2.

• Demonstrated understanding of NIST SP-137.

Desirable Skills and Experience:

• Experience undertaking security assessments in a Commonwealth Government context.

• Demonstrated understanding of the Protective Security Policy Framework (PSPF).

• Demonstrated understanding of the Australian Government Information Security Manual (ISM).

• Demonstrated security experience within complex ICT environments.

• ASD-certified IRAP assessor.

• Experience working with Cross Domain Solutions, Gateways, and Cloud.

• Demonstrated understanding of the Defence Security Principles Framework.

