Cyber Resilience Team Lead

**Acknowledgement of Country**:
CSIRO acknowledges the Traditional Owners of the land, sea and waters, of the area that we live and work on across Australia. We acknowledge their continuing connection to their culture and pay our respects to their Elders past and present.

**Child safety**:
CSIRO is committed to the safety and wellbeing of all children and young people involved in our activities and programs. View our Child Safe Policy.

**The opportunity**:

- **Lead CSIRO’s cyber security resilience across the organisation, including support to key projects**:

- **Drive priorities, manage resources, & deliver high-quality outcomes**:

- **Embed secure-by-design practices with enterprise-wide impact**

CSIRO is seeking an experienced leader to manage its Cyber Security Resilience team. This team plays a vital role in ensuring that CSIRO’s services are secure-by-design and aligned with acceptable risk levels. Working across the entire organisation and a range of strategic projects, the team delivers cyber security engineering and assurance artefacts, identifies risks, and provides recommendations to support informed decision-making.

**Your duties will include**:

- Maintain and establish collaborative and productive relationships with CSIRO operational and research stakeholders to maintain secure delivery of business goals within CSIRO organisational risk appetite.
- Maintain and establish collaborative and productive relationships with project stakeholders to enable secure delivery of business goals within CSIRO organisational risk appetite.
- Take ownership of technical assurance capabilities such as vulnerability management, penetration testing with a view to optimise and mature these capabilities.
- Lead CSIRO’s supplier cyber risk assurance capabilities to ensure CSIRO suppliers and third-parties risks remain within acceptable levels.
- Take ownership of cyber awareness capabilities of the organisation by developing and implementing a longitudinal, multi-faceted cyber awareness program.
- Be responsible for running and improving CSIRO’s cyber architecture capabilities.
- Review and approve cyber security resilience activity artefacts produced by the team prior to release and escalate any significant risks to the Chief Information Security Officer in partnership with key stakeholders.
- Manage cyber security related tickets/requests and reporting, budget planning and forecasting, and delivery of security engineering and assurance activities.

**Location**:Open to be based from Sydney (Lindfield), Melbourne (Clayton), Canberra (Black Mountain), Brisbane (St Lucia), Hobart (Sandy Bay), Adelaide (Waite)

**Salary**:AU$131,113 - AU$153,639 plus up to 15.4% superannuation

**Tenure**:Indefinite

**Reference**:100266

**To be considered you will need**:

- Tertiary and/or industry qualifications in cyber security, IT or equivalent discipline.
- At least two (2) years managing a cyber security team in an operational or assurance capacity, or at least five (5) years managing an IT team.
- Demonstrated experience in identifying, evaluating, and mitigating risks within an Enterprise environment.
- Demonstrated experience in managing a technology service/ area or technically leading/designing an enterprise solution.
- Demonstrated knowledge of enterprise and solution architecture, business analysis and requirements development, vulnerability scanning, penetration testing, threat/risk/gap assessments, compliance audits, and code analysis.
- Proven track record of effective ticket or request management providing advice to end users and stakeholders as well as issue/problem resolution.
- Demonstrated ability to communicate, collaborate and work effectively across organisational boundaries and levels with initiative and autonomy.
- Demonstrated ability to coordinate and manage competing priorities including engagement across multiple IMT strategic projects, day to day operational service delivery, reporting, capacity management, budget management, team management, and project management.
- Demonstrated ability and willingness to contribute novel ideas and approaches in support of scientific research and keeping the organisation cyber safe.
Desirable:

- Experience in supporting multiple complex projects.
- Experience with the Protective Security Policy Framework (PSPF).
- Experience with Australian Cyber Security Centre (ACSC) security guidance, NIST SP guidelines, and Centre of Internet Security (CIS) benchmarks.
- Good understanding of shared responsibility model in the cloud and/or on-premises.
- Familiarity with Australian legislation including (but not limited to) the Privacy Act 1988 (Cth) and the Archives Act 1983 (Cth); and
- Relevant security industry certifications from certification bodies such as ISACA, ISC2, SANS, PECB, SABSA Institute, The Open Group etc.

For full details about this role please review the Position Description

**Eligibility**:
**Flexible working arrangements**:
We work flexibly at CSI