Senior Cyber Security Assurance and Risk Analyst

5 days ago


Canberra, ACT, Australia | Halcyon Knights Pty Ltd | Full time | $120,000 - $180,000 per year

  • Fed Gov - aviation sector
  • Canberra CBD + WFH (2 days in office)
  • Australian Citizens holding a current NV1 Security Clearance will be preferred

Reporting to the Cyber Security Design and Assurance Lead, you will be responsible for providing expert support for delivering enterprise-wide security governance capability and developing efficient and streamlined associated methodologies and processes.

As the Senior Cyber Security Assurance and Risk Analyst, you will provide operational support in delivering cybersecurity governance, risk assurance, audit, and compliance to ensure that cybersecurity strategic objectives are achieved and that information resources are effectively secured from threats, enabling the business to operate efficiently.

This role will require close collaboration with other significant areas in the Cyber Security team, assisting in achieving Cyber Resilience. Working with the business, you will utilise your experience and skills to provide security advice, helping to develop, manage, and maintain effective controls across the environment. 

Responsibilities:

  • In this role, you'll be a credible source of expert information and provide specialist cybersecurity advice to stakeholders, assisting them in fulfilling their security assurance and risk management accountabilities.
  • Establish, build and maintain highly effective working relationships with internal and external stakeholders.
  • Understand the information security risk and control environment within the context of strategic and organisational objectives.
  • You will manage risk and assurance outcomes through the GRC and CIRRIS toolsets.
  • Assist broader stakeholders in understanding the control environment, so that they can manage systems under their control effectively within the security landscape.
  • Manage and produce quality reports and advice on control effectiveness.
  • Assist programs of work through the certification and accreditation process.
  • Provide specialist cybersecurity assurance and risk management advice.
  • Preparation and/or validation of Security Requirements for RFQ / RFI usage.
  • Participate as security SME on RFQ/RFI panels.
  • Work with program teams to ensure alignment with security standards.
  • Attend Change Advisory Board meetings as the security representative.
  • Assist with preparing statements of work for acquiring panel resources to meet security requirements (e.g., developing System Security Plans, Statements of Applicability, security risk assessments, and others as required).
  • Perform quality control of vendor security-related deliverables.
  • Assist in the maintenance of information security standards.

To be successful in this position, it is expected that you will have the following:

You must have public cloud security experience focussing on providing technical security advice and assessing security controls for cloud projects involving classified data.

Technical, industry and subject matter:

  • Solid skills and experience in providing cyber assurance and risk management services in a high-paced, complex enterprise.
  • Understanding of cyber risks and the ability to provide practical advice on security controls in traditional ICT and operational technology (OT) environments.
  • Ability to translate technical security issues through a business lens.
  • Demonstrated experience in cyber assurance functions with a focus on risk analysis and alignment to government and industry cyber standards.
  • Understanding of IT Security Management principles and delivery within an ITIL-based operational framework.
  • Good written and verbal communication skills, including presentations and reporting.
  • Strong soft skills in negotiation, prioritisation and time management.

Risk Management:

  • Experience in supporting the business with cybersecurity advice using a risk-based approach.
  • Working knowledge of risk management and its application in an information security context.
  • Review and contribute to security assessments considering business criticality, information sensitivity and security objectives.
  • Understanding of:
      • NIST Managing Information Security Risk, and
      • NIST Risk Management Framework for Information Systems

Qualifications:

  • Formal industry or academic qualifications in an Information Communications Technology (ICT) discipline or Cyber Security are highly desirable.
  • Industry recognised qualifications in at least one of the following or similar are essential:
      • CISSP – Certified Information Systems Security Professional
      • CISSP – ISSAP, ISSEP, ISSMP
      • ICS410: ICS/SCADA Security Essentials
      • CISA – Certified Information Systems Auditor
      • CRISC – Certified Risk and Information Systems Control
      • CGEIT – Certified in the Governance of Enterprise IT

Eligibility:

  • Australian Citizens holding a current NV1 Security Clearance will be preferred.

Work From Home Policy:

  • Hybrid (2 days in office)

Rate:

  • Up to $ per day inc Super

Apply now. 

  • For more information, contact Iain on

