Cyber Sec Gov

**Job no**: 525766

**Work type**: full time

**Location**: Sydney, NSW

**Categories**: Information Technology, Cyber
- Employment: Full time (35 hours per week)
- Duration: Continuing
- Remuneration: Excellent salary package including leave loading and generous superannuation
- Location: Based in Kensington, Sydney (hybrid working available)

**About UNSW Sydney**:
UNSW isn’t like other places you’ve worked. Yes, we’re a large organisation with a diverse and talented community; a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. It’s the reason we’re one of the top 50 universities in the world and a member of Australia’s prestigious Group of Eight. If you want a career where you can thrive, be challenged, and do meaningful work, you’re in the right place.

Reporting to the Cyber Security Governance and Risk Manager, the role supports the maintenance and operational delivery of a fit-for-purpose and adaptive Cyber Security Governance framework and Information Security Management System (ISMS) including the assessment of information security risk associated with ICT services and IT initiatives; measurement of the operational delivery and effectiveness of security controls, management of security remediation and enhancement activities and promotion of a cyber-aware culture through delivery of training and awareness initiatives.

**Accountabilities Specific accountabilities for this role include**:

- Maintain cyber security policies and standards, periodically review, update, and align them with the overall policy framework and manage exemptions.
- Maintain and operationally deliver cyber security controls assurance services designed to assess whether key controls are operating effectively and consistently, including auditing of internal cyber security controls; risk assessment of 3rd party/supply chain risk exposure; and penetration testing of ICT systems and infrastructure.
- Maintain and administer a quantitative (value-at-risk) threat model relevant to the reporting of UNSW’s major cyber security threats and key controls.
- Maintain cyber risk register, socialise the risks to the relevant teams and administer the completion of risk treatment and policy compliance initiatives.
- Administer, and operationally deliver cyber security policy risk and metrics reporting using metrics dashboard to drive compliance.
- Coordinate and support the independent audit of cyber security controls on behalf of the University, including statutory audits completed by the Audit Office of NSW.
- Maintain and administer the cyber security awareness and training initiatives.
- Maintain awareness of legal, regulatory compliance and contractual obligations that are relevant to the University’s management of cyber security risk.
- Maintain an awareness of the University’s internal and external environment for emerging threats and advise the Head of Cyber Security Operations as appropriate.
- Escalation of significant security issues and risks as appropriate.
- Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the health and safety of yourself or others.
- Align with and actively demonstrate the UNSW Values in Action: Our Behaviours and the UNSW Code of Conduct. - Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the psychosocial or physical health and safety of yourself or others.

**Skills and Experience**
- A minimum of 2-3 years of experience in cyber security governance, compliance, risk management or cyber security operations within major organisations.
- Sound understanding of control assurance testing / auditing as well as identity and access management principles.
- Well-developed knowledge of cybersecurity principles and practices.
- Ability to present with credibility and translate technical and complex information concisely for diverse audiences using strong analytical and problem-solving skills.
- Strong negotiation and influencing skills to effectively manage key stakeholders, build robust relationships and work with a diverse set of business and technology people across the university and third-party vendors.
- Experience with industry-wide security standards and compliance frameworks such as ISO/IEC 27001, NIST CSF, COBIT 5 etc.
- Relevant industry certification(s) such as CSX, CRISC, CISA, CISSP, ISO/IEC 27001 Lead Implementer/Auditor, AWS, Google, Microsoft Technology (highly desirable).
- Demonstrated high level of personal motivation, resilience, and ability to work effectively individually or in teams.
- An understanding of and commitment to UNSW’s aims, objectives and values in action, together with relevant policies and guidelines.