Manager Security Assessor Essential Eight


Job Location:

Canberra - Australia

Monthly Salary: Not Disclosed
Posted on: 20 days ago
Vacancies: 1 Vacancy

Job Summary

At EY, we're all in to shape your future with confidence.

We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

The opportunity

The Security Assessor is responsible for leading and delivering Essential Eight maturity assessments across Federal Government and regulated Defence industry clients. The role focuses on assurance activities including documentation-based reviews, onsite validation of security configurations and technical control effectiveness testing. The position requires strong audit discipline, sound technical foundations in networking and infrastructure security, and the ability to translate control gaps into practical and defensible remediation advice aligned to government frameworks.

This role operates as a trusted advisor to senior stakeholders including CISOs, security executives and system owners, providing clear assessment outcomes and maturity uplift guidance.

This is a hybrid position based in Canberra Ngambri.

Your key responsibilities

  • Lead end-to-end delivery of Essential Eight maturity assessments in line with ASD guidance across Unclassified, Official, Protected and higher environments.
  • Conduct document-based control reviews including policies, standards, procedures, architectural designs and operating models.
  • Plan and execute onsite assessments including evidence collection, interviews, observation and validation of implemented controls.
  • Assess technical control effectiveness across application whitelisting, patching, macro security, privilege management, MFA, backups and configuration hardening.
  • Critically evaluate the design and operating effectiveness of controls against Essential Eight maturity requirements.
  • Document assessment outcomes with clear maturity ratings, risk articulation and defensible audit trails.
  • Develop clear findings, evidence summaries and prioritised remediation recommendations for technical and executive audiences.
  • Provide quality assurance over junior assessor outputs and contribute to consistent assessment methodologies.
  • Support client uplift programs through reassessment, targeted advisory and validation reviews.
  • Engage confidently with system owners, infrastructure teams and security leadership to validate control implementation.
  • Engage confidently with industry executive leaders, communicating clearly on assessment scope, approach and findings.
  • Maintain strong alignment to ASD guidance, ISM, PSPF and DISP requirements as applicable.


Skills and attributes for success

Experience and Qualifications:

  • 7-10 years' experience in cyber security, technology risk or security assurance roles.
  • Demonstrated experience delivering Essential Eight assessments end to end.
  • Experience working with Australian Federal Government or regulated industry clients.
  • Prior audit, assurance or risk assessment background highly regarded.
  • Relevant certifications desirable, including CISSP, CISA, CISM, ISO 27001 Auditor, CRISC or similar.
  • Formal tertiary qualification in information security, IT or related discipline preferred.

Technical Knowledge and Skills:

  • Strong working knowledge of the ACSC Essential Eight maturity model and assessment guide.
  • Practical understanding of Windows operating systems and security configuration baselines.
  • High-level understanding of modern ICT environments including on-premise, cloud and SaaS application architectures.
  • Solid networking fundamentals including firewalls, segmentation, remote access, authentication flows and logging.
  • Understanding of identity and access management including privileged access models and MFA implementations.
  • Knowledge of backup architectures, recovery testing and resilience considerations.
  • Familiarity with vulnerability and patch management processes and tooling.
  • Ability to interpret technical artefacts such as system builds, group policies, firewall rules and access configurations.
  • Understanding of common security control frameworks such as ISM, NIST and ISO 27001.

Assessment and Consulting Skills:

  • Demonstrated experience undertaking formal control assessments in regulated or government environments.
  • Strong understanding of assurance principles including independence, evidence sufficiency and defensibility.
  • Experience conducting both paper-based and onsite evidence-driven assessments.
  • Ability to identify gaps between documented intent and actual operational practice.
  • Comfortable challenging control owners where evidence does not support claimed maturity.
  • Proven ability to communicate complex technical issues clearly and concisely.
  • Comfortable engaging with senior executives, CISOs and technical teams.
  • Strong written skills with experience producing assessment reports suitable for executive and regulator consumption.

Ideally you'll also have the skills and attributes below, but don't worry if you don't tick all the boxes. We're interested in your aptitude, attitude and willingness to learn.

  • High level of professional judgement and integrity.
  • Strong attention to detail and evidence discipline.
  • Structured and methodical approach to assessment delivery.
  • Confidence operating in sensitive and secure environments.
  • Commitment to continuous learning and alignment to evolving government guidance.


What we offer you


At EY, we'll fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. We're proud to be recognised as the #1 WORK180 Endorsed Employer in the Top 101 Employers for Women 2026.

  • Career development: At EY your career is yours to shape! We'll develop you with future-focused skills and equip you with world-class experiences.
  • Work arrangements: Our flexible work policies empower you to balance your professional and personal life, fostering a culture of trust and autonomy.
  • A comprehensive benefits package: From a yearly wellness incentive to access to additional 8 weeks of flex leave per year and family-friendly policies, including up to 26 weeks of gender-neutral paid parental leave, we cater to your diverse needs to help you thrive both personally and professionally.
  • Salary: We offer a competitive salary which is open to negotiation pending on skills and experience.

Acknowledgement of Country

EY acknowledges the Traditional Owners and Custodians of the lands on which EY offices are located around Australia. We pay our respects to their cultures and to their Elders past, present and emerging. Find out more about our vision for reconciliation at is core to who we are and how we work together, driving value for our people and for our business. We encourage applications from people of all ages, nationalities, abilities, cultures, sexual orientations and gender identities, and are committed to providing an equitable and barrier-free recruitment experience for all. We encourage you to share any support and adjustments you need to be your best and participate equitably in our recruitment process. We understand sharing your needs with us can be daunting, so if you have questions before or during your application, we welcome you to get in touch at or (option 2). Anything you tell us will be kept completely confidential.

Are you ready to shape your future with confidence? Apply today.

EY Building a better working world

Our preferred applicant will be required to undertake employment screening by EY or our external third-party provider.


Required Experience:

Manager


About Company


At EY Studio+, we create transformative experiences that move people and shape markets. We combine design, technology and commercial insight, augmented by EY.ai, a unifying platform, and powered by our full spectrum of services.
