Manager Incident Response

**About us**
The Department of Government Services (DGS) was established on 1 January 2023 to improve everyone's experience of doing business and interacting with the Victorian government. We bring important day-to-day services together in one department to make things easy and seamless for Victorians and businesses. We are doing this by connecting and digitising our systems and platforms across state and local government as well as streamlining our corporate and procurement services.

**About the role**
The Manager Incident Response is a key member of the Cyber Security, Data and Digital Resilience Division. Reporting to the Senior Manager, Victorian Government Cyber Incident Response Service, the Manager Incident Response is responsible for providing incident response leadership in the management of the cyber incident response function within the Victorian Government Cyber Incident Response Service (CIRS) and contributing to the division's broader incident and emergency functions.

It includes leadership and coordination of the incident response functions throughout the incident response cycle to support operational and strategic decision making.

The role leads the diagnosis and technical response to significant and emergency cyber incidents that affect the Victorian public sector and provides stakeholders with high-quality advice to identify, contain, eradicate and remediate cyber incidents and threats impacting the Victorian Government.

The position is responsible for the management of the incident response and digital forensic functions of CIRS and supports the Senior Manager to deliver a sustainable, high-performing service, including the provision of reporting and expert advice to senior executives and key stakeholders.

The position also assists whole-of-government responses to major cyber security incidents. The position requires strong initiative, professional drive and integrity-including the ability to manage competing deadlines during periods of heightened operational tempo.

**About you**

To be considered for the role, you must be able to demonstrate:

- Demonstrated skills and experience in information security domains including threat intelligence, analytics, detection, hunting, digital forensics (including evidence handling), defensive/offensive security domains. Strong knowledge and experience with cyber security frameworks, and state and national cyber incident management arrangements.
- Demonstrated experience (>3 years) in leading and coordinating responses to concurrent and major cyber incidents across diverse stakeholder groups with varying technical and response capabilities, including incident response, digital forensics, threat hunting or security operations.
- Ability to identify, diagnose and assess an incident and work with stakeholders to develop response options and implement solutions in complex and high-pressure operating environments.
- Highly developed interpersonal, negotiation and leadership skills, with a proven record of initiating and maintaining relationships across government and industry sectors and facilitating strategic partnerships to deliver agreed objectives.
- Demonstrated capacity to work with stakeholders in high pressure situations such as emergency events.
- Well-developed written and verbal communication skills, ability to confidently convey complex concepts and information and meet the needs of targeted audiences at various levels of government. Includes expertise in the preparation of operational reports, briefs and recommendations on a variety of issues.
- Exceptional leadership in incident response, including assessing, diagnosing issues and developing remediation advice and recommendations.
- Demonstrated experience in mentoring, training and developing junior staff.
- Objectively identify opportunities for process improvement.

**Mandatory requirements**
- The successful applicant must be an Australian citizen or eligible for Australian citizenship and will be required to attain and maintain a Negative Vetting 2 Security Clearance.

**Desired requirements**
- Participation in an on-call roster and the ability to perform intermittent after-hours work in response to incidents or emergencies.

**Key Accountabilities**
- Works closely with the divisional and branch leadership to design, develop and deliver incident response supports and services to improve whole of Victorian Government cyber uplift and resilience, including providing expert advice to the Victorian Government Chief Information Security Officer, divisional executives and key stakeholders across the whole of Victorian Government.
- Leads and supports the delivery of sustainable, high-performing 24/7 x 365 incident response and emergency service to assist affected Victorian Public Sector entities. Supports the technical response to and resolution of major cyber security incidents affecting the Victorian Government, including during cyber security emergency situations for which the Depar