Cyber Security Analyst

**Application closing date**: Wednesday, 23 October 2024 - 11:59pm, Canberra time (in Canberra)

**Estimated start date**: Wednesday, 01 January 2025

**Location of work**: ACT

**Length of contract**: 12 Months

**Contract extensions**: 1x 12 Months

**Security clearance**: Must have Negative Vetting Level 1

**Rates**: $100 - $130 per hour (inc. super)

Services Australia is seeking a Cyber Security Analysts who will work within the Integrated Cyber Risk Management section to undertake cyber risk assessments of key technology components and systems. A Cyber Risk Analyst is required to meet Protective Security Policy Framework (PSPF) requirements and deliver key system authorisations on behalf of the Agency and Shared Services Partners.

A Cyber Security Analyst is a specialised role that is required to understand cyber security controls protecting Government ICT Systems, processes, and information. A Cyber Security Analyst undertakes system security assessments based on required controls and communicates and develops documentation so informed decisions can be made regarding associated cyber security risks.

The following experience and knowledge are required Extensive experience with risk and information security frameworks, policies and standards, including the Federal Government PSPF and Information Security Manual (ISM), and international standards (ISO 27001/2). Demonstrated working experience in security threat and risk assessment and development of security authorisation artefacts. Demonstrated security experience within complex ICT environments. Strong stakeholder management skills, and the ability to communicate security concepts to non-technical audiences both verbally and in writing. Understanding of global Cyber Security trends, attack vectors and techniques. Tertiary, - or other relevant qualifications are advantageous.

Key duties may include, but are not limited to:

- Identify, test and assess applicable security controls in line with the Australian Government PSPF, ISM and agency policies and guidelines.
- Analyse and document security risk and recommend treatments and modifications to security practices and procedures using expertise and technical knowledge.
- Contribute to the system authorisation program of work, system projects and programs, by developing or reviewing security artefacts, including Threat and Risk Assessments and System Security Plans.
- Manage, develop and support complex relationships with stakeholders to achieve work area goals. - Manage and maintain the agreed service levels.
- Assist with the development and implementation of security policies, procedures, projects, and strategies.
- Continuously work to improve the efficiency and effectiveness of the cyber security service.
- Educate and inform departmental staff to promote understanding and ensure adherence to security policy and processes.

**Essential Criteria**
- Extensive demonstrated experience with risk and information security frameworks, policies, and standards, including the Federal Government Protective Security Policy Framework (PSPF) and Information Security Manual (ISM), and international standards (ISO 27001/2).
- Demonstrated working experience in security threat and risk assessment and development of security authorisation artefacts.

**Desirable Criteria**
- Demonstrated security experience within complex ICT environments.
- Strong stakeholder management skills, and the ability to communicate security concepts to non-technical audiences both verbally and in writing.
- Understanding of global Cyber Security trends, attack vectors and techniques.
- Demonstrated experience in Federal Government.
- Relevant tertiary or other qualifications.