Cyber Security Analyst

**Application closing date**: Tuesday, 12 November 2024 - 11:59pm, Canberra time

**Estimated start date**: Monday, 16 December 2024

**Location of work**: ACT

**Working arrangements**:Subject to negotiations with line manager, hybrid working arrangements in line with current NDIA policy are available (minimum of 3 days each week in the office, with flexible arrangements in place for the remaining 2 days).

**Length of contract**: 12 Months

**Contract extensions**: 1x 12 months

**Security clearance**: Must have NV1 Clearance

**Rates**: $90 - $120 per hour (inc. super)

The National Disability Insurance Agency (NDIA) is an independent statutory agency that is responsible for implementing the National Disability Insurance Scheme (NDIS), which will support a better life for hundreds of thousands of Australians with a significant and permanent disability and their families and carers. The NDIA values a positive contemporary attitude to disability.

The Cyber Security and Resilience Branch implements the requirements of government security policies and frameworks. This is achieved by providing strategic, tactical and operational Agency-wide oversight of Cyber Security and Operations. The Cyber Security & Resilience Team is responsible for identifying key security risks in the ICT environment and ensuring the NDIA is able to identify, mitigate and be resilient to cyber threat activity.

The team develops, governs, and maintains an enterprise data warehouse as well as the NDIA's reporting platforms and production content. They design and build Business Intelligence (BI) interventions and prototype analytic solutions and reports, identifying trends and drivers of performance.

Cyber Security Risk Analyst (Labour Hire) is accountable under broad direction to undertake work that delivers outcomes across the NDIA. The position is required to undertake projects that may include performing varied activities involving many different and unrelated processes or methods that may impact on the strategic or operational outcomes that support the NDIA's objectives to "build a world-leading National Disability Insurance Scheme".

Responsibilities of the role include but are not limited to
- Conducting security risk analysis of NDIA internal systems and assessing the cyber threat, inherent vulnerabilities and the likelihood and consequences of adverse threat activity.
- Implementing better-practice methodologies and risk management practices aligned with MITRE Att&ck Framework, NIST, ISO 31000/ISO 27001 and the PSPF.
- Developing the production of system-specific security documentation artefacts, including Statement of Applicability, System Security Plan, Security Risk Management Plan, Cyber Security Incident Response Plan, Continuous Monitoring Plan and Security Assessment Plan. - Developing Authority to Operate artefacts and managing security risks and controls uplift activities arising from cyber security risk analysis. - Developing security risk advice to allow the NDIA to prevent detect and respond to cyber threat activity.

(NOTE: the key responsibilities of the role are based on current priorities and may change over time)

**Essential Criteria**
- Minimum of 5 years' experience in Cyber Governance, Risk and Compliance, or a related field of cyber security
- Must be an Australian citizen and hold a minimum NV1 Security Clearance
- Demonstrated experience in the production of system-specific security documentation artefacts aligned to the Information Security Manual Suite of documentation
- Demonstrated experience conducting security risk analysis of ICT systems and assessing the cyber threat, inherent vulnerabilities and the likelihood and consequences of adverse cyber threat activity.

**Desirable Criteria**
- CISM, CISSP or other cyber security qualifications
- A degree in computer science or a related field.