Cyber Security Lead

**IT** **/** **Full Time****:
This is an incredibly exciting time to join the business and get involved with advanced and innovative product builds.

As a Security Architect you will
Be responsible for cyber security across our cloud business platform, product development stack, and lifecycle activities. You’ll design and implement security structures to thwart intrusions then test and audit the cyber security landscape ongoing. You’ll ensure our maturity and compliance with Essential 8 (ASD) and take us through the ISO 27001 Stage 1 and 2 certification process. Your ultimate goal is to provide actionable risk management across our critical infrastructure, protect our rapidly scaling business and build a culture of cyber awareness and resilience.

You may recommend appointing a Managed Security Services provider. With regard to our product development lifecycle, you’ll inject security practices into our DevOps pipeline, so that we incorporate security into all stages of the software design and development workflow (DevSecOps).

Based in Sydney. You will report to the Lead Architect and collaborate intensely with our cloud platform,

product management, data management and stakeholder experience teams.
- Review current systems security measures, develop strategies and a security roadmap (inclusive of the Essential 8), implement enhancements - including if deemed necessary bringing on a managed security services partner
- Conduct regular system tests and ensure continuous monitoring of network security
- Promote cyber security awareness and help build a culture of resilient behaviours and mindsets across the eco-system
- Establish disaster recovery procedures and conduct training and drills
- Promptly respond to all security incidents and provide thorough post-event analyses
- Implement and manage DevSecOps to ensure our product and features roadmap is secure by design
- Lead ISO 27001 certification, such that as the business scales, the risks are demonstrably managed.
- Personal Style - You’re perceptive, empathetic, and self-aware and this makes you persuasive and also pragmatic in achieving outcomes
- Communication - you interact with numerous internal and external groups and work closely with enterprise, solution, and data architects and engineers. You also work day to day with software engineering and product teams to embed effective DevSecOps. So you must have fluency with the language of these groups and be able to communicate and coach at the business and conceptual level as well as the detailed technical level
- You have a deep understanding of how new technologies and advanced architecture paradigms impact and transform the IT security landscape

You have a good working knowledge of related technologies/concepts, including cloud platforms, operating systems (Linux ideally) networking, programming, and scripting languages

Your Experience:

- A degree in Information Technology, Computer Science or related field is expected
- You may have additional advanced security qualifications such as SABSA
- (Sherwood Applied Business Security Architecture) or CISSP (Certified Information
- Systems Security Professional) certifications
- You should have a DevSecOps certification to validate skills for designing,
- assessing and securing services and solutions on the cloud
- 5 yrs+ experience in information security and/or IT risk management, including implementing
- DevSecOps functions
- Security solutions
- Multi-factor authentication, single sign-on, identity management or related technologies
- Implemention of ISO 27001 and /or NIST/COBIT frameworks
- Demonstrated ability to interact with a broad cross-section of stakeholders to explain and enforce security measures

**Our Core Values**.**:
**Patient first**:
Big Picture was founded to improve every patient outcome we touch. This mission drives each decision we make.

**360 degrees**:
It is what our name is all about - we see the bigger picture. Our mission is to globally optimise healthcare, not locally optimise a subset of the disconnected system. That is why we need to bring along the entire ecosystem to have the desired impact.

**Fail fast**:
What we are doing at Big Picture is ground breaking and no world changing innovation is discovered through caution. We encourage ourselves to keep moving forward, making smart data-driven decisions quickly. When we fail we need to be agile enough to pivot quickly and go again.