Senior Cyber Security Assurance and Risk Analyst

As the Senior Cyber Security Assurance and Risk Analyst, you will provide operational support in delivering Cyber Security governance, risk assurance, audit and compliance to ensure that Cyber Security strategic objectives are achieved and that information resources, particularly those critical to the functioning of the organisation, are secured effectively from threat while enabling the business to operate effectively. This role will require close collaboration with other major areas in the Cyber Security team assisting the organisation achieve Cyber Resilience. Working with the business, you will use your experience and skills to provide security advice to help develop, manage and maintain effective controls across the environment.

Accountabilities and Responsibilities:

• security advice to stakeholders to assist them acquit their security assurance and risk management accountabilities.
• Establish, build and maintain highly effective working relationships with internal and external stakeholders.
• Understand the Information Security Risk and control environment within the context of strategic and Organisational objectives.
• You will be responsible for ensuring risk and assurance outcomes are managed through the GRC and CIRRIS toolsets.
• Assist broader Stakeholders understand the control environment, in order to manage systems under their control effectively within the security landscape.
• Manage and produce quality reports and advice on control effectiveness.
• Assist programs of work through the certification and accreditation process.
• Provide specialist cyber security assurance and risk management advice.
• Preparation and/or validation of Security Requirements for RFQ / RFI usage.
• Participate as security SME on RFQ/RFI panels.
• Work with program teams to ensure alignment with security standards.
• Attend Change Advisory Board meetings as the security representative.
• Assist with the preparation of statements of work for acquisition of panel resources to meet security requirements (e.g. develop System Security Plans, Statements of Applicability, security risk assessments and others as required).
• Perform quality control of vendor security related deliverables.
• Assist in the maintenance of information security standards.

Key Performance Indicators:

Efficient, Effective and Accountable

• Management of the information security control environment
• Monitoring and report on the effectiveness of controls
• Identifying control objectives and or risk management requirements and ensure they are managed to an agreed outcome.
• Negotiate treatments

Technical, industry and subject matter:

• Solid skills and experience in providing cyber assurance and risk management services in a high paced complex enterprise.
• Experience in a mission critical environment would be highly regarded
• Understanding cyber risks and the ability to provide effective advice on security controls in traditional ICT and operational technology (OT) environments
• Ability to translate technical security issues through a business lens
• Demonstrated experience in cyber assurance functions with a focus on risk analysis and alignment to government and industry cyber standards.
• Understanding of IT Security Management principles and delivery within an ITIL-based operational framework.
• Good written and verbal communication skills, including presentations and reporting.
• Strong soft skills in Negotiation, Prioritisation and Time Management.

Risk Management:

• Experience in supporting the business with cyber security advice using a risk-based approach
• Working Knowledge of Risk Management, and its application in an information security context
• Review and contribute to security assessments considering business criticality, information sensitivity and security objectives.
• Understanding of:
• NIST Managing Information Security Risk, and
• NIST Risk Management Framework for Information Systems

Management, communication, personal and interpersonal:

• A proactive approach to customer issues and problem resolution
• Well-developed communication skills, both written and verbal
• Ability to build and maintain effective working relationships and engage with key internal and external stakeholders at all levels.
• Sound research, analytical, conceptual and problem-solving skills including the proven capacity to initiate operational responses to key issues affecting the a system
• Ability to set clear objectives and monitor outcomes

Qualifications

• Formal Industry or academic qualifications in an Information Communications Technology (ICT) discipline or Cyber Security are highly desirable.
• industry recognised qualifications in at least One of the following or similar are essential
• CISSP - Certified Information Systems Security Professional
• CISSP - ISSAP, ISSEP, ISSMP
• ICS410: ICS/SCADA Security Essentials
• CISA - Certified Information Systems Auditor
• CRISC - Certified Risk and Information Systems Control
• CGEIT - Certified in the Governance of Enterprise IT