Cyber Security Expert Required

Senior Cyber Security Expert Wanted

We are seeking an experienced Senior Cyber Security Expert to promote our cybersecurity strategy, lead key initiatives, and safeguard our technology environment. This is a pivotal role, working closely with various teams to ensure robust protection of our data, systems, and networks.

The Senior Cyber Security Expert will take ownership of establishing and maintaining security policies, procedures, and operational standards to protect both IT and OT assets. You will be responsible for the design, implementation, and administration of security tools and processes, as well as managing cyber risks across various projects. Your expertise will help in responding to incidents, supporting audits, and ensuring compliance with industry standards such as NIST, ISO27001, and ASD.

In this role, you'll lead security initiatives, contribute to disaster recovery plans, and continuously improve security measures, ensuring the integrity, confidentiality, and availability of systems and data. You will also work closely with stakeholders across the organization, helping to make strategic cybersecurity decisions while fostering a culture of security best practices.

• Provide expert guidance on cybersecurity projects, ensuring the timely delivery and maintenance of security operations.
• Ensure that cyber incidents are promptly responded to and remediations are executed according to service level agreements (SLAs).

Cyber Technical Capabilities:

• Act as the technical point of escalation for all security-related controls and concepts.
• Lead the implementation of cybersecurity best practices within projects and guide key stakeholders on security architecture best practices.
• Review and implement security policy and configurations, ensuring compliance with frameworks like CIS, SIEM, Palo Alto Firewalls, and more.

Cyber Governance & Operations:

• Conduct risk assessments to identify and mitigate internal and external security threats.
• Oversee outsourced security operations, ensuring SLAs and KPIs are met.
• Implement cyber hardening techniques and continuously monitor security measures for IT and OT systems.
• Ensure all security tools are configured according to best practices and managed throughout their lifecycle.

Incident, Problem & Change Management:

• Lead rapid response and investigation into security incidents, ensuring appropriate mitigation measures are taken to reduce the impact.
• Manage changes to security configurations, policies, and procedures, ensuring minimal disruption to ongoing operations and project lifecycles.

Cyber Supply Chain Risk & Vendor Management:

• Manage third-party vendors and partners providing security services or solutions, ensuring compliance with agreed security standards.
• Monitor and manage cybersecurity risks associated with external vendors throughout the lifecycle.

Security & Compliance:

• Develop and implement a NIST-based cybersecurity strategy, ensuring alignment with organizational goals.
• Conduct ongoing monitoring of security events and ensure timely, effective responses to emerging threats.
• Oversee security and compliance audits, ensuring that internal policies and external regulations are met.

Information Security:

• Develop and enforce information security policies and standards that govern the confidentiality, integrity, and availability of organizational data.
• Establish and implement data classification and security protocols across the business.
• Manage the security of on-premises and cloud environments.
• Ensure proper implementation of network segmentation, VPN security, and Zero Trust models.
• Maintain and refine cloud security policies and standards for Azure.

Disaster Recovery & Business Continuity:

• Ensure that business continuity and disaster recovery plans incorporate appropriate security measures.
• Lead the testing of the Business Continuity Plan (BCP) and Disaster Recovery (DR) strategies to ensure business functions are protected in case of cyber incidents.
• Drive the implementation and improvement of cybersecurity processes and procedures.
• Ensure the continuous updating and sharing of security knowledge, best practices, and compliance standards across the organization.
• Lead ongoing improvements to security processes, ensuring they evolve in line with changing regulations and industry best practices.

To excel in this role, you will have:

• Experience: 10-15 years of experience in cybersecurity or information security roles, including network security and system security.
• Significant experience in cybersecurity governance, risk management, and compliance.
• Proven expertise in developing and implementing security control assurance programs and supply chain risk assessment frameworks.
• Certifications: CISSP, CISM, or other security certifications are highly desirable.
• Knowledge: Solid understanding of security management frameworks such as ISO27001, NIST, ASD, and other related security standards.
• Familiarity with cloud environments and network security.

This role offers:

• Competitive remuneration based on skills and experience.
• Purchased additional annual leave.
• Health and wellbeing initiatives.
• Staff discounts and rewards program.
• Novated leasing.

---