Sitec & Aee1 Cyber Security Assurance Leaders

**The Organisation**

The Australian Security Intelligence Organisation (ASIO) protects Australia and Australians from threats to their security. In a complex, challenging and changing security environment, our success is built on the imagination and intelligence of our team. ASIO's people are ordinary Australians but they do extraordinary things - they are our most important asset. To be successful in our mission, we need talented people who are highly capable, dedicated, adaptable and resilient.

**The opportunity**

We are seeking Cyber Security Leaders to fill vacancies in our Cyber Security Assurance team.

These roles are instrumental in safeguarding ASIO's sensitive information and systems by providing the technical foundations that enable the effective and secure operation of our functions, thereby ensuring the integrity, confidentiality, and availability of our critical assets.

These positions may attract an additional technical skills allowance.

A merit pool may be created to fill future vacancies which have the same or similar requirements to this position. This merit pool will be valid for up to 18 months.

**Role responsibilities**

As a Cyber Security Technologist, Cyber Security Assurance (SITEC), you will:

- Drive the integration of cutting-edge security principles into the design and architecture of emerging systems, aligning with industry best practices and community standards.
- Foster a culture of security by design, collaborating with project teams to develop secure systems and providing expert security guidance through comprehensive documentation and risk assessments.
- Champion compliance and governance, leading assessments of ASIO's systems against Australian Government policies, standards, and best practices, including the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).
- Develop and execute strategic threat modelling and risk management initiatives, facilitating workshops with stakeholders to identify, assess, and prioritise security threats and risks, and providing strategic guidance on mitigation strategies.
- Shape the future of ASIO's IT security posture by developing and maintaining policies that address emerging threats and opportunities.
- Enhance the security awareness and capability of ASIO staff through targeted assessments, interactive awareness campaigns, and curated training programs.
- Stay at the forefront of the rapidly evolving cyber security landscape, maintaining expertise in the latest threats, technologies, and developments to inform ASIO's cyber security strategy.

As Assistant Director, Cyber Security Assurance (AEE1), you will:

- Lead and oversee a team of Cyber Security Assessors to ensure ASIO systems adhere to Australian Government policies, standards, and best practices, driving a culture of compliance and continuous improvement.
- Orchestrate the planning, scheduling, and coordination of assessment and remediation activities, ensuring efficient and effective execution.
- Develop and implement strategic security uplift initiatives across the organisation, aligning with business objectives and risk management frameworks.
- Create, maintain, and review relevant documentation, procedures, and policies, ensuring they remain current and effective in addressing emerging cyber threats.

**What you will bring**
- Relevant degree or equivalent work experience, with strong technical expertise and relevant work experience working in a cyber security operations, engineering or assurance role.
- Relevant certifications within cyber security (e.g. SANS GIAC certifications, CISSIP, CISM).
- Experience with security technologies such as Security Information and Event Management (SIEM) systems (preferably Splunk and/or Sentinel), vulnerability management tools (e.g. Tenable), endpoint and network security tools, threat intelligence platforms (e.g. OpenCTI), incident response tools, and cloud environments (e.g. AWS Guard Duty and Microsoft Defender).
- Experience in the design, implementation, and maintenance of on-premise and/or cloud enterprise systems using some or all relevant technologies such as the VMware ecosystem, enterprise operating systems, AWS services (EC2, ECS, CloudFormation, CodePipeline) and platform automation tools such as Ansible and Puppet.
- Knowledge of security frameworks and standards such as the Information Security Manual (ISM).
- Previous experience working in a Security Operations Centre would be highly desirable.
- Strong analytical and problem-solving skills, with the ability to work under pressure.
- Demonstrated ability to work closely with stakeholders, including internal technology teams, external managed service providers, vendor professional services, and domestic and international partners.
- Excellent collaboration skills and demonstrated ability to lead the delivery outcomes.
- Strong security awareness and risk management skills.

**What we offer you**

ASIO provides a number of benefits to i