Must have a Baseline clearance.
Job Description: Senior Security Expert
The Senior Security Expert will provide services as a senior information and cyber
security analyst, overseeing the technical implementation and delivery of a suite of priority
cyber security services to Services Australia and its partners, including the Australian
Signals Directorate's (ASD's) recommended service offerings. The role requires
in-depth knowledge of specific ICT security models in order to provide expert advice on the
creation and operational maintenance of system roles, access authorisations and
security profiles, and to promote the development and use of ICT security
knowledge. The Senior Security Expert will work in a small team overseen by
Agency project management.
Primary Technologies: MS Office productivity applications; MS endpoints (server and
desktop operating systems) and the endpoint security controls associated with ASD's
Essential Eight; DNS and other network protocols of interest to cyber operations; host-based
Intrusion Detection / Prevention Systems (HIDS/HIPS); Wintel, Linux and other
mid-range platforms; secure network and gateway service technologies.
The Senior Security Expert's key tasks/duties may include some or all of the following:
• Implement security/access management policies and procedures.
• Plan and implement security policies and procedures.
• Ensure security regulations are observed at all times and ICT teams follow
methodology.
• Review scheduled security reports to track and report on compliance.
• Perform complex risk assessments to identify high-risk access privilege assignments
and segregation of duties conflicts.
• Monitor and manage change requests to ensure that ICT systems are under change
control.
• Provide expert technical advice, support and recommendations on security best
practices.
• Manage alignment of cyber security controls with corporate level information and cyber
security requirements.
• Assess cyber security/access management policies and procedures.
• Assess and report on cyber security policies, procedures and controls relating to the
project and services.
• Oversee validation activities for cyber security projects to completion.
• Provide expert technical advice, support and recommendations on GRC best practices
in relation to government information and cyber security policy, threat and risk
management frameworks.
• Proactively share knowledge and expertise as the cyber security GRC subject matter
expert, and provide assistance and mentorship to less experienced colleagues.
• Document a range of technical / risk assessment documentation and reports including
(but not limited to):
a. Security Risk Assessments (SRA).
b. Threat and Risk Assessments (TRA).
c. Statements of Applicability (SoA).
d. Security Risk Management Plans (SRMP).
e. Privacy Impact Assessments (PIA).
• Negotiate, engage and manage relationships with other service providers to build
security services and related project delivery capability.
• Collaborate with a broad range of internal and external stakeholders to achieve project
outcomes.
• Encourage innovation, continuous improvement and manage and support change.
Core responsibilities include:
• Deliver a range of technical / risk assessment documentation and reports relating to the
delivery of cyber projects including (but not limited to):
a. Security Risk Assessments.
b. Threat and Risk Assessments.
c. Statements of Applicability.
d. Security Risk Management Plans.
e. Privacy Impact Assessments.
• Provide leadership, direction, and oversight for GRC services and activities to support
the projects.
• Manage the assessment and reporting of information and cyber security risks,
governance and compliance controls with regard to systems, processes, procedures,
tools and techniques utilised by the services.
• Provide leadership on GRC system and process management at the organisational and
business levels.
Mandatory Criteria
Demonstrated experience and success delivering governance, risk and compliance
documentation, including SRA, TRA, SoA, SRMP and PIA, using Federal Government
information security policy (i.e. the Information Security Manual and the Protective Security Policy
Framework) and the ACSC's cyber security principles, guidelines and recommended
service offerings.
Demonstrated experience in supporting the delivery of strategic, contemporary cyber
security solutions.
Demonstrated knowledge of industry cyber security frameworks, best practices and
standards.
Demonstrated knowledge of industry public cloud best practices and standards.