Technical Security Analyst

Apply
- ** Job no**: RFRA4
- ** Category**: Finance & Technology, Technology

**Acknowledgement of Country**:
Hostplus acknowledges the Traditional Owners of the land, sea and waters, of the area that we live and work on across Australia. We acknowledge their continuing connection to their culture and pay our respects to their Elders past, present and emerging.

**About us**:
At Hostplus, we passionately provide our over 1.7 million members with the best possible service; constantly looking for new ways to deliver better value while helping members get the most out of their super. We are inspired to help our members achieve greater security for their future and ensure they retire with dignity.

Your role at Hostplus will give your career meaning, whether you're in marketing, financial advice, Operations or any of our other divisions - you'll be contributing to ensuring our members retire with the best possible outcomes, and what better feeling is there than knowing your role helps someone to retire with dignity and security?

**About the role**:
As the Technical IT Security Specialist, you will be responsible for ensuring that our suppliers and solutions proposed and developed, adhere to high standards of technical security. The position involves providing expert advice, assessing and testing security controls, recommending, and documenting better security practices.

You will report to the Information Security Manager and will be responsible for specifying and advising on the design of technical security controls as well as supporting the controls operating effectiveness through security controls testing, as defined in the Hostplus Information Security Management Framework (ISMF).

Key responsibilities:

- Conduct security threat and vulnerability assessments on the technical design and operating effectiveness of security controls in solutions and services.
- Document agreed security measures as technical, operational and contractual requirements.
- Ensure technical compliance of IT solutions and services to the security requirements in relevant agreements and the Hostplus Information Security Policy and supporting standards and frameworks.
- Communicate technical security gaps and issues identified to suppliers and Hostplus management and provide specialist technical security improvement opportunities and advice to internal stakeholders and suppliers.
- Perform and/or coordinate technical controls assessment and testing activities for new security controls, security weakness remediations or as part of regular controls testing defined in the security calendar.
- Assist in security incident response activities and maintain incident response plans and procedures.
- Assist with maintaining the security module(s) within the Hostplus Governance Risk and Compliance (GRC) system.
- Assist in the execution of other security tasks as required by the Hostplus Information Security Manager, Head of IT Service Governance, Executive Manager Technology or the relevant Group Executive.

**About you**:

- Bachelor's degree in information technology or other relevant qualifications and certifications
- Strong knowledge of security, risk, compliance, and control practices expected of Third Parties, IT General Security Controls or Cyber Security audit experience
- Certification in auditing (CISA), security controls and risk management SANS GIAC, CompTIA Security+, CISM or CISSP are highly desirable)
- Security framework experience - APRA CPS234, NIST CSF, CIS 18, ASD Essential 8, ASD ISM
- Experience performing security control assessments on business solutions and services.
- Strong project management and stakeholder management to coordinate with various business and internal stakeholders.

**Why work for us**:
Our employees are passionate about what we do and are proud to be part of an organisation which helps everyday Australians achieve a brighter future. We value diversity of thought and have an open & flexible workplace. Some industry leading benefits we offer include:

- 15% superannuation.
- Access to subsidised financial advice.
- Salary packaging.
- Hybrid working arrangements, work remotely & in the office.
- Excellent EBA conditions eg: paid parental leave, long service leave at 5 years, additional leave over Christmas shutdown.

**What next**:
If you are interested in this opportunity, please follow the prompts to formally apply.

We are passionate about creating an inclusive workplace that promotes and values diversity. We believe diversity of thought, background and experience strengthens relationships and delivers meaningful benefits to our people, our members, and the communities we operate in.

**We Care**: We care about our work, our clients and colleagues.

**Better Together**: We've got each other's backs, and we never walk alone.

**Go For it**: We are optimistic, and we focus on solutions, not problems.

**Keep it real**: We are honest, genuine, straightforward and transparent.

**Be Proud**: We a