Multiple APS6 Governance, Risk & Compliance (GRC) Analyst
Multiple APS6 Governance, Risk & Compliance (GRC) Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Location of work
ACT QLD VIC WA
Onsite
Working arrangements will be at the discretion of the assigned work area subject to operational need. Due to the nature of operations not all work areas can accommodate work from home. Most roles are based in Canberra. However we may be able to accommodate candidates in the Melbourne Brisbane or Perth facilities. No other locations will be considered.
Maximum hours
40 hours per week
Security clearance
Must be able to obtain Negative Vetting Level 1
Job details
We require multiple APS6 equivalent ICT Security Specialists to fill positions across the organisation. Must have either NV1 NV2 and PV positions required.
ICT Security Specialists will work independently with the opportunity for reasonable autonomy and accountability for the achievement of outcomes of their work. They will exercise both initiative and judgement in the interpretation of policy and in the application of practices and procedures. They will provide detailed information security technical professional and policy advice in relation to complex work and contribute to strategic planning program and project management and policy development.
Key duties and responsibilities
- Accountable to conduct security risk assessments and provide advice and guidance on the application and operation of procedural security controls.
- Responsible for ensuring that all identified breaches in information security are promptly managed according to the Australian Signals Directorate policies and procedures.
- Understand the security features and capabilities of current Australian Signals Directorate and industry accepted hardware and software products and provide advice to stakeholders.
- Use experience to explain systems security and the strengths and weaknesses that are relevant across the Australian Signals Directorate.
- Tailor communication style and language to provide guidance on security strategies to manage identified risks.
- Facilitate appropriate direction for the team by clearly communicating goals and objectives.
- Interpret security policy and contribute to the development of standards and guidelines that comply with the Australian Signals Directorate policy and procedures.
- Analyse and resolve identified security incidents in accordance with established procedures and recommend any required actions.
- Lead the application and compliance of security operations procedures and review information systems for actual or potential breaches in security.
- Build and sustain effective working relationships with team members and actively participate in teamwork and group activities.
Technical Skills:
- Certification as an Infosec Registered Assessors Program (IRAP) Assessor
- Experience ensuring technical systems adhere to Essential Eight ISM and PSPF frameworks
- Proven ability to communicate complex technical systems to non-technical audiences
- Excellent organisational & communication skills
- Proven record building managing & enhancing relationships with stakeholders
- Experience developing managing and implementing SOPs & procedures in support of security accreditation frameworks
Requirements
Criteria
You must provide a response to each criterion. Each response is limited to 3000 characters.
Essential criteria
1. SCAD 3 - Security operations: Level 3 (SFIA) Investigates minor security breaches in accordance with established procedures. Assists users in defining their access rights and privileges. Performs non-standard operational security tasks. Resolves security events and operational security issues.
2. SCAD 4 - Security operations: Level 4 (SFIA) Maintains operational security processes and checks that all requests for support are dealt with according to agreed procedures. Provides advice on defining access rights and the application and operation of elementary physical procedural and technical security controls. Investigates security breaches in accordance with established procedures and recommends required actions. Provides support and checks that corrective actions are implemented.
3. SCTY 4 - Information security: Level 4 (SFIA) Provides guidance on the application and operation of elementary physical procedural and technical security controls. Explains the purpose of security controls and performs security risk and business impact analysis for medium complexity information systems. Identifies risks that arise from potential technical solution architectures. Designs alternate solutions or countermeasures and ensures they mitigate identified risks. Investigates suspected attacks and supports security incident management.
4. INAS 4 - Information assurance: Level 4 (SFIA) Performs technical assessments and/or accreditation of complex or higher-risk information systems. Identifies risk mitigation measures required in addition to the standard organisation or domain measures. Establishes the requirement for accreditation evidence from delivery partners and communicates accreditation requirements to stakeholders. Contributes to planning and organisation of information assurance and accreditation activities. Contributes to development of and implementation of information assurance processes.
Additional requirements
1. What level of security clearance do you hold and provide your AGSVA CSID
Employment Type
Full Time
Company Industry
Defense and Space Manufacturing / Government Administration / Military and International Affairs
