Cyber Sec Assurance Analyst

**Job no**: 527462
**Work type**: full time
**Location**: Sydney, NSW
**Categories**: Information Technology, Analyst, Cyber
- Employment Type: fixed term role until Dec 2025 as a Cyber Security Assurance Analyst within Cyber Security, UNSW IT
- Starting Salary $110,073 plus generous superannuation
- Location: UNSW Kensington Campus (Hybrid Working Opportunities)

**About UNSW**:
UNSW isn’t like other places you’ve worked. Yes, we’re a large organisation with a diverse and talented community, a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. If you want a career where you can thrive, be challenged and do meaningful work, you’re in the right place.

The Cyber Security Assurance Analyst supports the maintenance and operational delivery of Cyber Security Assurance Services within a fit-for-purpose and adaptive Cyber Security Risk Management framework, to maintain an effective and compliant cyber security posture within UNSW. The role is responsible for supporting the regular assessment of the effectiveness of internal controls, ensuring the implemented controls mitigate risks and supporting the delivery of proactive and regular metrics reporting of ICT services and IT initiatives to the University stakeholders. The Cyber Security Assurance Analyst reports to the Cyber Security Assurance Manager and has no direct reports.

**Specific accountabilities for this role include**:

- Support the maintenance and operational delivery of cyber security controls assurance services designed to assess whether minimum defensible and enhanced controls are operating effectively and consistently.
- Conduct regular reviews, audits and assessments to evaluate the design and operational effectiveness of internal cyber security controls defined in scope of controls assurance.
- Ensure controls effectiveness tests are performed, such as vulnerability scanning, penetration testing, and control testing, etc., to validate the effectiveness of controls.
- Identify and analyse potential vulnerabilities, threats, and risks to UNSW's assets and determine if the controls are in place to adequately address them.
- Engage with key stakeholders in responding to queries associated with controls stipulated in Cyber Security Standard.
- Ensure the registration (on Cyber Security GRC platform) of the risks identified from controls assurance activities.
- Ensure that the identified risks, threats, and control effectiveness ratings are entered into UNSW’s Cyber Security TRA (Threat and Risk Assessment) platform.
- Support the reporting of assurance to management and stakeholders that the implemented controls are appropriately designed, implemented, and operating effectively to protect UNSW's information assets.
- Administer, and support the operational delivery of metrics reporting using metrics dashboard.
- Maintain accurate records of control assessments, findings, and remediation actions.
- Any other duties commensurate with this position and as required by the Cyber Security Assurance Manager.
- Align with and actively demonstrate the UNSW Values in Action: Our Behaviours and the UNSW Code of Conduct.
- Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the health and safety of yourself or others.

**Who you are**:

- A relevant tertiary qualification with subsequent relevant experience or an equilivent level of knowledge gained through any other combination of education, training and / or experience.
- A minimum of 1-3 years of experience in cyber security governance, compliance, risk management or cyber security operations within major organisations.
- Foundational understanding of control assurance testing / auditing / identity and access management principles and knowledge of cybersecurity principles and practices.
- Knowledge of industry-wide security standards and compliance frameworks such as ISO/IEC 27001, NIST CSF, COBIT 5 etc.
- Relevant industry certification(s) such as CSX, CRISC, ISO/IEC 27001 Lead Implementer/Auditor, AWS, Google, Microsoft Technology (highly desirable).
- Ability to present with credibility and translate technical and complex information concisely for diverse audiences using strong analytical and problem-solving skills.
- Strong negotiation and influencing skills to effectively manage key stakeholders, build robust relationships and work with a diverse set of business and technology people across the university and third-party vendors.
- Demonstrated high level of personal motivation, resilience, and ability to work effectively individually or in teams.
- An understanding of and commitment to UNSW’s aims, objectives and values in action, together with relevant policies and guidelines.
- Knowledge of health and safety responsibilities and commitment to attend