Cyber Security Risk Advisor

About TAFE Queensland
TAFE Queensland is proud to be the largest and most experienced Vocational Education and Training provider in the State. For more than 140 years, TAFE Queensland has delivered practical and industry-relevant training to provide students with the skills and experience they need to build lifelong careers. We have recently been named the State Winner of the 2021 Large Training Provider of the Year at the prestigious Queensland Training Awards. Our training is delivered to students and apprentices on-site, online, in the workplace, or on-campus to give people the skills they need to enrich their communities, support their industries, and strengthen their local economies.
By working at TAFE Queensland, you can be part of a highly experienced workforce closely connected with their industries and dedicated to delivering best practices and innovative training.
Your Opportunity
As a Cyber Security Risk Advisor, you will be responsible for helping to manage Cyber Security Risk, enabling TAFE Queensland to make risk-informed decisions to improve business performance and achieve growth objectives. You will:

- Bring your cyber risk management skills and experience to deliver high quality cyber and privacy risk assessments.
- Support TAFE Queensland's adoption of cyber security group standards and guidance.
- Be an active communicator and engage across TAFE Queensland to promote cyber security initiatives and best practice.
- Assist in the secure design and implementation of key security, infrastructure and Cloud based initiatives.

This position reports to the Manager, Risk Advisory.
This is a Permanent, Full-Time opportunity.
The position will be based primarily at Mount Gravatt however you may be required to perform work at other TAFE Queensland campuses.
Key Responsibilities
- Conduct cyber security risk and privacy assessments of new and existing technologies to identify risks, and appropriate controls that balance security and operability.
- Provide effective and pragmatic input into cyber security design and architecture for key technology projects, enabling TAFE Queensland to operate securely within business risk tolerances.
- Take a leading role in engaging with, and promoting cyber security across a broad spectrum of stakeholders, including Management, Educational Staff and IT practitioners.
- Co-ordinate the identification and assessment of new and emerging hardware, software and communication technologies, products, methods, techniques and information security trends and address and assess their relevance to the organisation.
- Work alongside external service providers on cyber security related activities, including TAFE Queensland's primary managed service provider, and other providers of security-related services.
- Establish strong working relationships and communicate security related concepts to a broad range of technical and non-technical clients, including key stakeholders and external consultants.
- Participate in Queensland Government led communities of practice and other forums as required to better inform TAFE Queensland's defensive security posture.

How you will be assessed
The ideal applicant will be someone who has the following key capabilities:
*
- Demonstrated knowledge of risk management practices, and best practice for information security management in a large, geographically dispersed organisation; with proven expertise delivering security and privacy risk assessments to better manage business risks and articulating these to key stakeholders.
- Demonstrated understanding of key cyber security disciplines, with a sound understanding of securing cloud-based environments, such as Microsoft Azure and Office 365, including AAD, Intune and conditional access and associated technologies and the ongoing compliance requirements of these services.
- Experience and understanding in the secure design and operation of key technologies, including networking equipment, Windows Active Directory, common cloud platforms (Azure/AWS) etc.
- Demonstrated ability to challenge issues and raise objections constructively when analysing and assessing cyber security risk, and embrace new challenges when working towards the achievement of key business objectives.
- Strong interpersonal communication skills, with the proven ability to engage effectively and build credibility.
- Demonstrated ability to live and promote a strong ICT team culture that values the contributions of all team members, is honest and considerate, and through that is an active participant in building and maintaining a highly respected high performance team.

Mandatory/Highly Desirable Requirements
- Minimum of 3 years of cyber security experience in enterprise environments.
- Experience in providing secure solution design and architectural support to ICT in delivering a range of services, including on-premise and cloud-based solution.
- Possession of industry acknowledged security certifications, such as CISSP, CISM, CRI