Security Assurance Analyst

Role

Security Assurance Analyst

Group/Division/Branch

Financial Policy and Information Services/ Information Management and Technology Division/ Information Security Services

Classification

VPS5

Location

CBD Melbourne (Hybrid)

Reports To

Felix Chow - Security Assurance Manager

About the Role

The Security Assurance Analyst is a key contributor to our information security governance program, acting as part of the Department's second-line audit function. In this role, you will:

• Contribute to the development of security assurance programs and annual test plans
• Lead and report on comprehensive manual and automated security testing programs
• Conduct security assurance audits across systems, personnel, and facilities
• Identify weaknesses and gaps in processes and controls, using industry frameworks such as ASAE3402, SOC2, or NIST SP
• Support policy and procedural development that drives continual security improvement
• Collaborate with internal stakeholders and external auditors to ensure compliance
• Support remediation efforts by validating the implementation of actions to support the closure of audit findings.
• Facilitate evidence collection and reporting to support external audit readiness

This hands-on position will challenge your analytical and critical thinking skills while providing you the opportunity to directly improve security outcomes across a vast digital environment-impacting over 1,500 schools, 50,000 teachers, and 650,000 students across Victoria.

Attributes

As our ideal candidate, you will have:

• Strong ability to evaluate complex systems and controls, identify risks and gaps, and recommend practical improvements.
• Accuracy and precision in documenting audit findings, collecting evidence, and reporting on compliance indicators.
• Capacity to develop and implement effective solutions to strengthen security posture and address audit findings.
• Clear and professional verbal and written communication skills, especially in reporting technical issues to non-technical stakeholders.
• Ability to work effectively with cross-functional teams, including technical teams, business units, and external auditors.
• High ethical standards and a strong sense of accountability when handling sensitive information and security matters.
• Proactive approach to identifying opportunities for process improvements and driving audits forward independently.
• Understanding of audit frameworks, cyber security standards, and familiarity with relevant tools and automation platforms.
• Ability to manage competing priorities in a dynamic environment, especially when facing resistance or ambiguity.
• Willingness to contribute to the evolution of policies, processes, and standards to align with best practices and emerging risks.

Essential Qualifications and Experience

• Relevant tertiary qualification in Computer Science, Risk Management, Audit Management, or related field
• Audit experience using either ASAE3402/3150, SOC2, NIST SP , or COBIT

Desirable:

• Certifications supporting relevant audit knowledge (GAIC, CISA, IRAP, CISSP, etc)
• Technical capability to introduce automation methods to streamline audit functions

How to Apply

Applicants are required to submit a CV and cover letter (max. 2 pages for cover letter) which summarises their skills, relevant experience and suitability to the role.

About the Department

With the increasing sophistication of cyber threats, ensuring the privacy and safety of our staff and students online is more important than ever. The Department of Education's Information Management and Technology Division (IMTD) is seeking a skilled and proactive Security Assurance Analyst to help strengthen and maintain the Department's cyber security framework.

As part of the Information Security Services Branch, you will play a critical role in ensuring Victorian government schools and departmental operations are secure, compliant, and resilient against emerging cyber risks. Your work will provide assurance to key stakeholders, including the CIO and Executive Board, that strategic information security risks are being effectively managed.

About the Division

Enjoy a career that makes a difference by helping to shape the education experience for Victoria.

• Be part of a vibrant Department culture with a strong sense of community and inclusion.
• Join the Education State.
• At the Department, we are committed to giving every Victorian the best learning and development experience, making our state a smarter, fairer, more prosperous place.

The Information Management and Technology Division (IMTD) guides the Departments' digital capability and is leading digital transformation for the Department including Victorian government schools. The Division architects, manages and supports the largest technology network in Victoria, supporting a user base of approximately 750,000 staff and students.

IMTD provides innovation and leadership in the transformation and management of the Department's digital capability through the implementation of solutions on the department's cloud environment (IaaS), enterprise cloud platforms (PaaS) and software (SaaS).

Further Information

For more details regarding this position please see attached position description for the capabilities to address in application.

The department values diversity and inclusion in all forms - gender, religion, ethnicity, LGBTIQ+, disability and neurodiversity. Aboriginal and Torres Strait Islander candidates are strongly encouraged to apply. For more information about our work, working for the Department, diversity and inclusion, and our employment conditions visit the Department website and our Diversity and Inclusion page

Applicants requiring adjustments can contact the nominated contact person. Information about the Department of Education's operations and employment conditions can be located at

For further information pertaining to the role, please contact Felix Chow, Security Assurance Manager via or by email

Preferred applicants may be required to complete a police check and may be subject to other pre-employment checks. Information provided to the Department of Education will be treated in the strictest confidence.

Please let us know via phone or email if you require any adjustments to ensure your full participation in the recruitment process or if you need the ad or any attachments in an accessible format (e.g. large print) due to any viewing difficulties or other accessibility requirements.

Applications close 11:59pm on October 14th 2025