Governance, Risk and Compliance Practitioner, ID Operations Office

• Ongoing/Non-Ongoing
• Salary: $ to $ plus 15.4% superannuation
• Canberra, ACT

Employment Opportunity

We are looking for a Cyber Security Governance, Risk and Compliance (GRC) Senior Practitioner to assist in safeguarding the Department's systems and critical information. The successful applicant will have significant experience working with Australian Government security regulations and frameworks such as the IRAP assessment, Protective Security Policy Framework (PSPF), Information Security Manual (ISM), Essential 8 and ASD Blueprints.

The role will focus on system lifecycle security assessment and authorisation processes of departmental networks, platforms and applications, delivered both on-premise and in the cloud. GRC Practitioners will work with project and business-as-usual teams as integrated Entity Assessors to enable successful secure delivery and control uplift of systems.

The position will be filled at Executive Level 2 and will suit candidates who have a minimum of 5 years hands on technical information security experience, demonstrated management and leadership capabilities, technical writing skills, strategic thinking and communicating with influence to a broad stakeholder group.

The successful candidate will be required to support the following role functions. Develop and produce, review and collate Cyber Security GRC artefacts including:

• Business Impact Levels
• Threat and Risk Assessments
• Plan of Action and Milestones
• System Security Plans and Annexes
• Continuous Monitoring Plans
• Incident Response Plans
• Change and Configuration Management Plans
• Authority to Operate briefs

How you can make a difference

• Detailed knowledge in the assessment and authorisation of ICT platforms and solutions for Government.
• Demonstrated track record of performing quality ICT technical work including documentation as part of a team and project.
• Detailed knowledge of Australian Government security standards, such as the IRAP Assessment Program, Protective Security Policy Framework (PSPF) and the Australian Government Information Security Manual (ISM).
• Detailed knowledge of the Australian Cyber Security Centre`s (ACSC) Essential 8 maturity model and further strategies to mitigate Cyber Security incidents.
• Working knowledge of ASD`s Blueprint for Secure Cloud or equivalent vendor security posture blueprints or security hardening.
• Experience identifying, evaluating, and articulating information risk in an enterprise environment.
• Demonstrated comprehensive knowledge of ICT and information security technologies and best practices. Experience in similar role within a medium/large size organisation.
• Desirable – Understanding of Project Management Office governance and project delivery methodologies.

Other qualifications:

Desirable - Certification and/or membership to relevant professional organisations including certification in any of the following: AISA, ACS, CISSP, ISO/IEC 27001, Security+, CISA, CISM, SABSA, GIAC, SANs, ITIL and PMBOK.

Desirable - Relevant tertiary qualifications obtained from a recognised Australian tertiary institution or equivalent assessed comparable overseas qualification in Computer Science, Software Engineering, Information Technologies, or Cyber Security is highly desirable.

Merit Pools:

A merit list or pool may be created as part of this selection process and used to fill similar vacancies in Canberra, ACT.

Flexible work arrangements will be considered and supported where possible. These may include:

• Job Share
• Hybrid Work
• Remote Work
• Compressed Hours
• bandwidth Modification.

Candidate Information Kit Opens in new window

Candidate Information Kit - Accessible Version Opens in new window