Cyber Security Analyst

Full-time, permanent role
- (South Wharf CBD location) with flexible work options available (work remotely if needed)
- Employer of Choice winner four years in a row

Melbourne Convention and Exhibition Centre (MCEC) is the home of unconventional. At MCEC we do things a little differently. We bring fresh ideas and imagination to every event. We happily turn concepts on their head to make each experience momentous.

We welcome events of all shapes and sizes, from board meetings and small celebrations through to conventions, gala dinners, exhibitions, and concerts. Our doors are open for events and moments that connect us - in person, virtual or hybrid, and everything in between.

Our city is our inspiration, located in the vibrant South Wharf precinct, just a stroll along the Yarra River. Melbourne is on show at MCEC - in the architecture and design, food and hospitality, AV technology, Customer Service, location, and views.

**About the role**

The Cybersecurity Analyst will be responsible for ongoing operational management of the MCEC Security Management Framework (SMF). This role will also include working closely with the Information Technology team to bring the team on the journey of extending current capabilities and understanding of the importance of cybersecurity and information security

This role will seek to provide an uplift to the Information Technology team to ensure that it can enable the security aspects of the digital transformation journey that MCEC is currently undertaking.

Key focus areas will include:

- Cybersecurity operationalisation activities
- Monitor, respond and recover activities including incident management
- Risk assessments and treatments

Cybersecurity Analyst role reports to the Manager Cyber Security and includes monitoring current system security measures, risk treatment plans, and implementing actions. Conducting regular system tests and ensuring continuous monitoring of cyber security, establishing disaster recovery procedures, and conducting breach of security drills.

**Key Accountabilities**
- Manage the active monitoring and control of security controls to ensure they are effective and meet MCEC expected outcomes and metrics
- Lead the monitoring, investigation, documenting, and response to cyber security events and incidents. This includes being the Liaison Officer between MCEC and any third-party partners.
- Assist in the development of the Cyber Resilience Plan using the NIST approach of Respond and Recover. Align this plan to the organization’s BCP and DR requirements.
- Work with the business and IT teams to set and manage metrics for effectiveness of security controls
- Assist Manager Cyber Security to develop MCEC-wide best practices and stay up to date on security trends and standards.
- Work with security teams to ensure security measures are implemented as part of the System Development Life Cycle (SDLC) including participation in peer reviews and Technical Design Authority
- Assist with the information security risk assessment process, developing Security Risk Assessments (SRA) and System Security Plans (SSP) - ensuring that the MCEC IT team have a well-understood process and procedure for maintaining an up-to-date risk register
- Assist in the completion of internal audits and VPDSF attestation processes
- Actively participate in driving MCEC’s strategic cybersecurity maturity goals - through direct participation in the cybersecurity program of works
- Ensure business benefits including risk management outcomes are achieved through the MCEC cybersecurity program of works
- Assist in the annual, independent review of MCEC’s cybersecurity maturity utilizing a recognised industry framework
- Ensure all cybersecurity controls and measure are operationalized and effective across MCEC
- Work proactively and collaboratively with other business stakeholders in promoting and understanding MCEC information assets and their intrinsic value
- Work closely with Victorian State Government Departments to leverage their expertise, skills, training materials and procurement arrangement in maturing MCEC’s cybersecurity posture and response capabilities

**Qualifications, knowledge, and Experience**:
**Essential**
- Relevant tertiary qualifications (e.g., computer science or IT degree), industry certifications (e.g., CISM, CISSP, TOGAF, GIAC) and/or relevant industry experience.
- 5-10 years' experience in information security and IT risk management. Information Technology best practice training or qualification
- A strong working knowledge of current IT risks, security implementations, and computer operating and software programs.
- High level written, verbal communication and interpersonal skills.
- Proven technical and interpersonal skills are required to develop sound communications options.

**Desirable**
- Information Technology best practice training or qualification
- Agile training and/or qualification
- Excellent teaching, problem-solving, communication,