Irap Assessor

**Application closing date**: Thursday, 15 February 2024 - 11:59pm, Canberra time (in Canberra)

**Estimated start date**: Friday, 01 March 2024

**Location of work**: QLD

**Length of contract**: 12 Months

**Contract extensions**: 2 x 12 months

**Security clearance**: Must have Negative Vetting Level 1

**Rates**: $140 - $170 per hour (inc. super)

An IRAP Assessor is a certified Security Analyst role required to understand, assess, and communicate cyber security controls protecting Government ICT Systems so informed decisions can be made regarding associated cyber security risk.

The IRAP Assessors will be required to assess and document system security controls to meet the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) requirements on behalf of the Agency and shared services partners.

The assessors will be required to undertake Agency system authorisation documentation and risk statements when there is no conflict of interest with an IRAP assessment. It is a Government and Agency requirement that certain critical systems undergo an independent security assessment conducted by an IRAP Assessor.

They will provide an independent security assessment report (commonly referred to as an IRAP report), which is used to assess a systems suitability and risk. The IRAP Assessor must be certified by ASD and is required to prove their experience and qualifications.

Key Tasks/Duties:

- Identify, test, and assess applicable security controls in line with the Australian Government PSPF, ISM and Agency policies and guidelines.
- Analyse and document security risk and recommend treatments and modifications to security practices and procedures using expertise and technical knowledge.
- Contribute to the system authorisation program of work, system projects and programs, by developing or reviewing security artefacts, including Threat and Risk Assessments and System Security Plans.
- Manage, develop and support complex relationships with stakeholders to achieve work area goals.
- Manage and maintain the agreed service levels.
- Assist with the development and implementation of security policies, procedures, projects, and strategies.
- Continuously work to improve the efficiency and effectiveness of the cyber security service.
- Educate and inform Agency staff to promote understanding and ensure adherence to security policy and processes

**Essential Criteria**
- Must be a Certified Australian Signals Directorate (ASD) IRAP Assessor.
- Extensive demonstrated experience with risk and information security frameworks, policies and standards, including the Federal Government PSPF and ISM, and international standards (ISO 27001/2).
- Demonstrated working experience in security threat and risk assessment and development of security authorisation artefacts.

**Desirable Criteria**
- Demonstrated security experience within complex ICT environments.
- Strong stakeholder management skills, and the ability to communicate security concepts to non-technical audiences both verbally and in writing.
- Demonstrated experience in Federal Government.
- Understanding of global Cyber Security trends, attack vectors and techniques.
- Relevant tertiary or other relevant qualifications.