Information Technology Security Advisor

Lucrative Base Wage with Annual Bonus
- The role can be located in Sydney or Canberra
- Voted 2019's and 2020's "Best Place to Work in Australia"

**About My Client**:
My client is an Australian Telco that specialises in cloud services for businesses and the government. Locally owned and operated, with an industry-leading customer service model, they're trusted by their customers to provide the services that enable their business success.

**Purpose of the Position**:
This role will be responsible for leading, managing and guiding the Information Security Compliance & Governance Program to ensure that my client's internal and external clients receive professional and effective information security management services.

They will coordinate initiatives in emerging information security and risk management areas. Creating opportunities for collaboration between existing programs and meeting my client's operational objectives.

**Work Duties Expected Fulfilled**:

- Provide leadership and direction, motivate and develop staff, encourage a team spirit and harmony, manage appropriate training, monitor performance and provide timely feedback and support
- Manage the development and implementation of my client's information security policies, procedures and site management plans, based upon a regular review of the security risks, to ensure compliance with relevant Australian and international security standards
- Develop and review security measures to protect my client's systems with a consistent and total approach to security
- Monitor and report on my client's Security Compliance program’s operating budget and business plan to meet targets
- Ensure regular security awareness training is provided to staff and internal and external clients. Provide training to managers who have direct accountability for information security and resources on procedural aspects of information security
- Provide expert advice and co-ordinate the hosting operation security risk assessment, for the hosting security policy/program and each information system, integrating the individual system security plans and internal and external client security plans into an overall security plan
- Develop a Security Management Framework that integrates business, operational, and information security system risk management, focusing on risk management processes, risk mitigation through communication remediation action plans and residual risk
- Maintain, monitor and report on information security audit and compliance plans, manage the Internal Audit requirements for the Information Security Management System
- Manage the development and implementation of a program for security monitoring and incident reporting. Own, manage and escalate all security incidents on an ongoing basis
- Responsible for managing independent audits of hosting operation systems and other relevant information security audits undertaken by certifying bodies and/or authorised auditing organisations
- Provide guidance and recommendations in ASD, PSPF; ISO27001, PCI-DSS and other international standards when required
- Contribute to the development and implementation of the hosting operations Business Continuity and Disaster Recovery plans and procedures
- Participate as a Security Manager when required within hosting, cross-department initiatives, projects and business activities
- Undertake Security Officer Role including approval of access requests, AGSVA and customer-specific security clearance processes and annual assistance activities to support the CISO.
- Participate in the internal and external audit programs.

**Qualifications We Are Looking For**:

- Certified Information Security Professional (CISP) and/or Certified Information Security Manager (CISM).
- Degree in Engineering or Equivalent
- Active ASGVA Clearance NV1 or greater

**Qualifications That Are Highly Desirable**:

- SANS GIAC
- CISA (Certified Information Security Auditor)
- Cloud Security

**Experience We Are Looking For**:

- 5 + years of hands-on experience in Information Security domains vulnerability Management & Pentesting, cloud security and security architecture.
- 5 + years of good working knowledge of ASD ISM / PSPF and other Global Standards such as ISO, PCI and others
- Good Understanding of risk management frameworks such as ISO31000
- Have led information security audits and assessments and upgrades with successful outcomes
- Good understanding of Datacentre Security that includes physical, environmental, cable management, and asset management and provides assistance to the team to achieve a desirable outcome.
- Applied experience in other global industry certifications/compliance frameworks in Information Security, Risk Management frameworks, Quality Management Systems

**Capabilities**:
**Communication**:

- Substantial high-level communication and interpersonal skills are required to effectively negotiate with different teams on business issues, including advice on information technology s