Principal Cyber Security Consultant

**About Comunet**

**The Opportunity**

As a Principal Cyber Security Consultant, you will be critical in the ongoing development and delivery of Comunet’s cybersecurity advisory capabilities and delivery. You will work across a range of different teams and clients and you will be able to balance conflicting priorities while maintaining focus on quality delivery and clients being our first thought.

The role itself focuses on formal risk assessments against frameworks, recommendations around designing technical solutions, overseeing implementation ensuring a quality focus and development of contemporary policies and practices for Comunet and our clients.

Although formally reporting to the Head of Cyber, we expect you to be able to show leadership by working with client managers, consulting, services, and development teams to develop and drive excellent client outcomes. You will also need to build and manage opportunities with new and existing clients. As part of an open, cross-organisational team we will look for you to put thoughts and ideas forward in a constructive way.

You will need to hold an appropriate formal qualification such as CRISC, CISA, CISSP, CISM, ISO 2700 Lead Auditor or similar and have 15+ years' experience delivering professional IT services.

Additionally, you may hold other technical certifications such as CCNA, CompTIA Network+ / Security+ and relevant AWS and Microsoft certifications

**Key responsibilities**:

- Engage with clients providing advice on areas such as cloud computing governance and risk, mobile device threats and management, third party security and identity management for example.
- Undertake detailed risk assessments, including liaising with and reporting to senior business and IT and executive board level management
- Stay abreast of contemporary cybersecurity related threats and associated controls at the people, process, and technology levels
- Recommend, assess, and utilise best practice, industry standard and regulatory requirements for information security, such as those prescribed by 27001, the NIST Cybersecurity framework and the Australian Government Information Security Manual (ISM) as appropriate
- Assist on projects to provide Business Continuity and Disaster Recovery advisory services and develop organisation-wide plans and procedures to meet business requirements
- Work across multiple client engagements in your core areas of capability and identify further consulting opportunities both within Cyber and across Comunet’s capabilities.
- Liaise with technical and solution vendors and partners on behalf of customers
- Act as an outsourced CISO as a Service to our strategic clients
- Development of Comunet Cyber Services, and identity and assist with maturing existing services

**What we are looking for**:

- Experience in IT risk and information security management consulting, that may have included:

- detailed risk assessment including the identification and assessment of threats and vulnerabilities, leading to prioritised risk remediation plan and roadmaps
- gap analysis of an organisation’s current information security control environment, including people, process and technology in alignment with industry benchmarks, standards or industry accepted best practices
- establishment and maintenance of an information security management system or framework and associated information security policy and standards and associated processes
- security architecture considerations and advise to projects on technical security architecture
- review and assurance of third-party IT service providers, such as assessing cloud solutions during the acquisition process and identifying control requirements that may be addressed through contracts and SLA’s
- development of security incident response processes, including identifying required alerting functions, escalation and response processes and associated reporting
- technical security assurance and security testing
- Understanding of security and risk processes in the project lifecycle and systems development methodologies
- Experience in creating Business continuity and disaster recovery strategies, plans and procedures to meet business requirements, including conducting business impact assessments
- Providing direction to a range of technical staff and vendors in the delivery of IT solutions to deliver business outcomes
- Successfully contributing to and participating in multidisciplinary project teams in order to achieve outcomes within time and cost limitations
- Demonstrated skills in analytical, written and presentation skills applicable to preparing reports, submissions and briefings regarding strategic issues
- Delivering consulting projects within commercial budget and time constraints while aligning with group, company and team targets and objectives
- Integrity and professionalism and the ability to act independently in making decisions to achieve project outcomes
- Substantial experience in dealing