Cyber Security Risk Advisor
1 day ago
**Job no**: 525136
**Work type**: full time
**Location**: Sydney, NSW
**Categories**: Information Technology, Cyber
- Employment: Full time (35 hours per week)
- Continuing role as a Cyber Security Risk Advisor
- Remuneration: Excellent salary package including leave loading and generous superannuation
- Location: Based in Kensington, Sydney (hybrid working available)
**About UNSW Sydney**:
UNSW isn’t like other places you’ve worked. Yes, we’re a large organisation with a diverse and talented community; a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. It’s the reason we’re one of the top 50 universities in the world and a member of Australia’s prestigious Group of Eight. If you want a career where you can thrive, be challenged, and do meaningful work, you’re in the right place.
**Accountabilities**
- Delivery of risk advisory and risk assessment services to university stakeholders
- Review solution/capability design and architecture artefacts, identify and assess security risks, make recommendations, and prepare high-quality reports detailing security issues and risk treatment actions.
- Perform risk assessment of 3rd party/supply chain risk exposure.
- Update the cyber risk register with risks from projects, penetration tests, exemptions, and changes.
- Socialise the risks to the relevant teams and administer the completion of risk treatment and policy compliance initiatives prior to deployment or change.
- Provide expert advice on cyber security compliance by ensuring and communicating adherence to policies, standards, architecture, and strategies (including surrounding cloud services).
- Ensure any non-compliance, control under-performance or risk beyond appetite is appropriately recorded and effectively escalated for remediation.
- Drive penetration testing scope validation, penetration test report review, risk assessment and retesting recommendations of IT systems and infrastructure as a part of project assurance.
- Advise on new or complex exemptions requests.
- Identify and recommend required changes to cyber security policies and standards.
- Deliver periodic cyber security risk advisory service SLA and KPI metrics to drive compliance.
- Support the independent audit of cyber security controls on behalf of the University, including statutory audits completed by the Audit Office of NSW.
- Continually stay up to date and aware of legal, regulatory compliance and contractual obligations that are relevant to the University’s management of cyber security risk.
- Promote awareness of the University’s internal and external environment for emerging cyber security threats.
- Build effective working relationships with internal and external stakeholders to develop innovative solutions that meet business needs.
- Promote a culture of continuous improvement, championing professional standards, innovation, and methods.
- Other duties appropriate to and in line with this position as requested by the Cyber Security Risk Advisory Manager.
- Align with and actively demonstrate the UNSW Values in Action: Our Behaviours and the UNSW Code of Conduct.
- Ensure hazards and risks, psychosocial and physical, are identified and controlled for tasks, projects, and activities that pose a health and safety risk within your area of responsibility.
**Skills and Experience**
- Minimum 5 years’ experience in the delivery of cyber security risk assessment, consulting, and advisory services, ideally with experience working for a global consulting firm, technology giant or large government agency or defence consultancy.
- A relevant Degree with extensive experience in cyber security governance, compliance, risk management or cyber security operations within major organisations or an equivalent level of knowledge gained through any other combination of education, training, and experience.
- Strong cyber security GRC fundamentals and strong knowledge of cyber security principles and practices.
- Excellent understanding of industry-wide security standards and compliance frameworks such as ISO 27001, NIST 800-53, CSA, Essential 8, PCI DSS, COBIT 5, MITRE ATT&CK etc.
- Relevant industry certification(s) such as CISSP (Ideal), CEH, CISM, CRISC, GSEC, AWS Security Speciality, Microsoft Azure (highly desirable).
- Excellent understanding of current security technologies, products, and services, including native cloud security controls in AWS and Azure.
- Strong interpersonal, communication and negotiation skills including ability to develop effective relationships and influence key stakeholders at all levels in the organisation.
- Ability to present with credibility and translate technical and complex information concisely for diverse audiences using strong analytical and problem-solving skills.
- Demonstrated high level of personal motivation, resilience, and ability to work effectively individua