Cyber Threat and Vulnerability Analyst

Purpose of role Cyber and Information Security is responsible for managing the departments cybersecurity roadmap in conjunction with strategy and architecture team. The Cyber Planning and Policy Design team is responsible for information security, availability, confidentiality, privacy and integrity of the department's data while effectively managing cyber risks. The team is responsible for developing and reviewing policies, programs and guidelines, and promoting awareness of cyber policy and strategies across QFD. Key requirements Highly desirable requirements - Minimum of 5 years' experience in risk management, information security, ICT security and modern cloud native environments. - An Information Security Certification or qualification i.e. the Cyber Information Systems Security Professional (CISSP) or similar would be highly desirable - Knowledge of concepts, standards and frameworks in vulnerability management, such as Common Vulnerability Scoring Systems. - Experience in consuming and utilising cyber threat intelligence to improve cyber security integrity. Your key accountabilities Your part in the ongoing success of our department, in supporting frontline services will see you responsible for a variety of work, including, but not limited to: - Perform IT security risk-based technical assessments, and manage monitoring, investigation, containment, eradication, recovery, documentation and reporting on information assets, and proactively advocate for the implementation of appropriate measures to prevent or respond to potential information security issues. - Conduct regular security investigations, risk and vulnerability assessments and develop reports on findings to provide strategic and tactical advice including recommendations on remediation and mitigation of future risks. - Develop, review and implement vulnerability management policies, standards and procedures to ensure compliance with relevant data protection and privacy laws, and regulations that safeguard our organisation's networks and systems. - Consult, negotiate and communicate with users, system stakeholders, vendors and ICT professionals to raise awareness, and to promote and implement a shared and consistent understanding of information security and cyber security vulnerabilities. - Provide expert analysis and advice in relation to the department's information security threats and vulnerabilities and determine current maturity levels, and compliance with relevant legislation, regulations, standards, and frameworks applicable to information security requirements. - Analyse multiple sources of vulnerability reports and determine what types of remediations are required to mitigate risk, streamline existing processes and implement information security efficiencies that improve our IT environment. - Build and maintain effective working relationships with internal and external stakeholders, and suppliers to promote sound information security practices, and assist in developing strategies and activities to support effective security vulnerability management. - Maintain, update and continually expand knowledge of developments and trends within the network and information security industry, and evaluate the benefit and applicability to departmental systems that enhance cyber security. Capabilities To determine your suitability for the role, you will be assessed on the following Leadership Competencies for Queensland behavioural profiles that link to the "key accountabilities" for this role: Leadership Competency Stream - Individual Contributor (leading self) Vision - Stimulates ideas and innovation - Makes insightful decisions Results - Builds enduring relationships - Drives accountability and outcomes Accountability - Fosters healthy and inclusive workplaces - Demonstrates sound governance Once you join us we will want you to exemplify the QFES shared values: - Respect - Integrity - Courage - Loyalty - TrustThis work is licensed under a Creative Commons Attribution 3.0 Australia License.