Cyber-analyst

One of our Federal Government Clients is seeking to engage a **Cyber Security GRC analyst**. This is a long-term contractual position.

**Role       : Cyber Security GRC analyst**
**Location : Canberra,ACT**
**Contract Length **  : 12 months, with possibility of 12 months extension
**Security Clearance ** : Australian Citizen with Baseline security clearance

**Overview**:
Help align security expectations with the ISM and PSPF, Essential 8 and other relevant industry best-practices.
- Support and be involved in IRAP preparation activities, ensuring documentation is developed, collated and correct.
- Assist with the management and implementation of the department’s IT security strategies.
- Assist in managing cyber risk to support the delivery of secure departmental systems and services.
- Effectively manage relationships with key stakeholders to ensure the IT systems operate in accordance with the Australian Government Security Standards.
- Assist with the planned migration of services to the cloud, by managing cyber risk to support the delivery of secure systems and services for the department.
- Provide advice on cyber security to broad range of stakeholders.
- Conduct security and quality assurance reviews of security documentation, project, and external service provider deliverables.
- Utilise statistical data to raise consumer confidence in the security and privacy of Department IT systems.
- Developing, maintaining and reviewing security requirements, design and testing documentation, technical specifications and other documentation related to ICT systems.
- Prepare system security reports by collecting, analysing, and summarising data and trends, and evaluating identified issues to implement system enhancements.
- Recognising the broader threat environment effectively manage changes to the operating environment by using acquired knowledge to implement action that strengthens the department’s cyber security posture whilst adhering to compliance requirements.
- Contribute towards knowledge transfer of skills and mentor staff as appropriate.
- Complete technical reviews and endorsements of technical solution designs and changes against documented security baselines.

**Job Duties and Responsibilities**:
Cyber Security System Definition: A document that defines the system, ranks its criticality to ongoing business, and to assess any outstanding risk factors which may affect the department
- System Security Plan and Annex: a document defined in accordance with Control: ISM0041; Revision: 5; Updated: Jun-22; Applicability: All; Essential Eight: N/A.
- Security Threat and Risk Assessment: A document which identifies system risks, impacts, controls and mitigations based on the system design, business processes, cyber threat landscape and security best practice. This document includes thorough risk identification and assessment, the impact of the risk and a plan for resolution. A Security Threat Risk Assessment must contain adequate information to enable the Client ITSA to provide a recommendation to accept or treat the risk.
- Continuous monitoring plan: a document defined in accordance with ACSC ISM Control: ISM1163; Revision: 8; Updated: Mar-23; Applicability: All; Essential Eight: N/A
- Incident Response Procedure: a high-level description of how the proposed system will operate within the Client Incident Response Framework including list of key system contacts.
- Essential 8 Checklist: A document describing how the system aligns to each of the ACSC’s Essential Eight Maturity Model controls.
- Plan of Actions and Milestones: Describes the outstanding security vulnerabilities in a system and the plans for their rectification. Actions are typically mitigations identified during the security assessment.
- Authority To Operate Memo: a memo describing the system under assessment, the residual risks of the system, plan for resolving outstanding issues, and risk summary, and requesting of the Client CISO, System Owner, and Business Owner approve the system to operate within the Client environment.
- Status reporting: weekly reporting of work undertaken across Client including status of current tasks, deliverables, and prospective milestones of note.

**Next Steps**:
**Referral Incentive Program**:
**Job Type**: Contract
Contract length: 36 months

**Salary**: Up to $1,100.00 per day

Schedule:

- 8 hour shift

Application Question(s):

- Are you an Australian citizen?

Ability to Relocate:

- Canberra, ACT 2601: Relocate before starting work (required)

Work Location: Hybrid remote in Canberra, ACT 2601