Portfolio Security Advisor

Location: Melbourne | CBD

Job type: Full time

Organisation: Department of Transport and Planning

**Salary**: $129,379 - $173,138

Occupation: Projects

Reference: 1942

**About the Role**

The Portfolio Security Advisor is a position that sits within the Information Security Team and is responsible for helping business teams and projects understand their information security risks, identify treatments to manage those risks and comply with DTP and VPDSS Information Security standards and policies. The role is a key function that will contribute to improving the maturity of the organisation's cybersecurity resilience.

The Security Advisor will also act as a gateway for project teams and business units to access and leverage centralised enterprise security capabilities such as security testing and incident management.

Position Description, please click here

**Position Accountabilities**

Seeking a compliance and risk leader skilled in ensuring adherence to standards, mitigating breaches, and implementing security strategies. Drive security maturity and stakeholder engagement while advocating for safe and inclusive team operations.

**Key Selection Criteria**
- **Partnering and Co-Creation (Accomplished) -** Builds and maintains partnerships to achieve objectives; Coaches others on the co-creation process and builds team commitment to co-creation by demonstrating personal commitment; Builds trust in partnerships through timely and quality delivery of outcomes; Facilitates discussion and navigates differences of opinion to reach decisions.
- **Critical Thinking and Problem Solving (Accomplished) -** Considers the wider business context within a business unit when considering options to resolve issues. Identifies recurring problems and prevents future recurrence by integrating solutions into work processes. Delivers tangible business outcomes as a result of critically evaluating problems from multiple perspectives and delivering effective solutions.
- **Cybersecurity Literacy (Applied) -** Guides other in operating cybersecurity tools relevant to area of work. Understands the impact of internal IT landscape to daily operations; Has broad understanding on implementation activities related to the introduction and ongoing maintenance of new cybersecurity tools.
- **Stakeholder Management (Accomplished) -** Identifies issues in common for one or more clients or stakeholders and uses them to build mutually beneficial partnerships; Identifies and responds to stakeholder’s underlying needs; Uses understanding of the stakeholder’s organisational context to ensure outcomes are achieved.
- **Influence and Persuasion (Accomplished) -** Gains agreement to proposals and ideas; Build behind the scenes support for ideas to ensure buy-in and ownership; Uses chains of indirect influence to achieve outcomes; Involves experts or other third parties to strengthen case.

**Qualifications and Experience**

**Mandatory**
- Substantial cyber experience in policy, consulting, legal, risk management, solution delivery, or other relevant cybersecurity roles.
- Working knowledge of relevant risk management frameworks and information risk assessments.
- Sound knowledge of, or practical experience working with security frameworks such as VPDSF, ISM, Essential 8, NIST CSF or ISO 27001.

**Desirable**
- Degree or diploma in a relevant field such as cyber security, psychology, criminology, law.
- Knowledge of OVIC security guidance and practices, such as VPDSS, PDSP and SSP.
- Understanding of, or experience with OT security controls.
- Ability to obtain an AGVSA Security Clearance.

**ROLE SPECIFIC REQUIREMENTS**
- Policy, standards, and cyber risk consultancy, providing the customer with curated, relevant security requirements for privacy, data protection and operational resilience.
- Contribute to the specification of System Security Plans, Security Risk Profile Assessments and VPDSS compliance assessments for PDSP attestation.
- Assist in forming information sharing agreements regarding customer or highly sensitive data.
- Assist in refining Franchise Operator Management Plans to ensure inclusion of appropriate security standards and legislated security obligations.
- Provide assurance of security treatments to manage cyber risk to within DTP appetite.
- Connect project teams and business units to enterprise cyber and information security services.
- Oversight and assurance of Transport Operators against contractual and regulatory obligations through participation in DTP Operational Control Management governance forums.
- Provide input to vendor selection activities, contractual negotiations, and solution designs in keeping with DTP standards and regulatory obligations.
- Review and provide feedback on various artefacts related to project security designs and business processes.

**What we offer**
- Meaningful work making Victorian communities more accessible and liveable
- Professional growth and development opportunities across t