Cybersecurity Professional

The role of a Cybersecurity Strategist is pivotal in shaping the organisation's cybersecurity strategy and resilience from the ground up. Utilising cutting-edge tools such as SIEM, EDR/XDR, and CASB to stay ahead of emerging threats.

• To provide expert advice to ICT and business stakeholders to strengthen the organisation's security posture through informed decision-making.
• Support the development and continuous improvement of the information security governance framework, including policies, standards, and procedures that align with regulatory requirements.
• Ensure that security controls are implemented, monitored, and aligned with internal policies, regulatory obligations, and audit requirements to maintain compliance.

• Conduct threat hunting, forensic investigations, and integrate findings into governance, risk, and compliance (GRC) reporting to enhance the organisation's understanding of potential risks.
• Participate in enterprise risk assessments and perform control testing to evaluate and mitigate information security risks by identifying vulnerabilities and implementing remediation strategies.
• Lead vulnerability assessments and penetration testing, recommending remediation strategies aligned with the organisation's risk and security objectives to ensure the highest level of security.
• Conduct third-party risk assessments and support vendor security reviews during procurement and onboarding processes to ensure the security and integrity of external relationships.
• Investigate and implement emerging technologies and practices to enhance security capabilities and resilience, staying ahead of evolving threats.
• Promote a culture of compliance and accountability through the delivery of security awareness and education programs to ensure all stakeholders understand their roles in maintaining a secure environment.
• Manage and enhance the information security incident response process, including post-incident reviews and continuous improvement to refine response strategies.
• Provide cybersecurity and GRC input in project planning, delivery, and business decision-making forums to ensure that security considerations are integrated into all organisational initiatives.
• Conduct gap assessments against the WA Cyber Security Policy and ensure alignment with the Essential Eight Maturity Level 1 to maintain adherence to industry best practices.
• Establish and maintain governance frameworks, security guardrails, and operational risk registers to ensure effective risk management and mitigation.
• Maintain and uplift security policies, guidelines, and documentation to reflect evolving threats and compliance requirements, ensuring that all stakeholders have access to relevant information.

• A tertiary qualification in a relevant field such as Information Technology or Computer Science.
• Proven experience in information security and Governance, Risk & Compliance (GRC), with a strong understanding of security principles and practices.
• Hands-on expertise in incident response, infrastructure hardening, and day-to-day security operations to effectively manage and mitigate risks.
• Familiarity with tools such as SIEM, DLP, EDR/XDR, CASB, and threat intelligence platforms to leverage technology in enhancing security capabilities.
• A strong understanding of key standards and frameworks, including ISO 27001, PCI-DSS, NIST, ASD Top 8, the Privacy Act, and APRA CPS 234 to ensure compliance with industry regulations.
• Knowledge of secure software development practices and common application vulnerabilities to identify areas for improvement and implement remediation strategies.
• Solid technical knowledge of Windows and Linux environments, as well as networking protocols across the OSI model to effectively manage and secure complex systems.
• Experience conducting security assessments, audits, and implementing security technologies to drive security improvements and enhancements.
• A good grasp of risk management principles and compliance frameworks to effectively assess and mitigate risks.
• Strong analytical and problem-solving skills, with the ability to think critically and act decisively in high-pressure situations.
• Excellent communication skills and the ability to engage effectively with both technical and non-technical stakeholders to foster collaboration and drive results.
• A flexible, team-oriented attitude with the ability to step into technical tasks when needed, demonstrating adaptability and a willingness to learn.

• Flexible working arrangements to accommodate diverse needs and preferences.
• The opportunity to be part of a mission-driven organisation making a meaningful impact across Western Australia.
• A dynamic and collaborative environment with room to grow and develop your career.
• A chance to shape and influence the future of the organisation's information security landscape, driving innovation and progress.