Overview:
Our large government client is seeking an experienced Canberra-based Senior Governance Risk and Compliance Specialist (NV1 or NV2) to describe, assess, and provide advice on Land Combat Systems (LCS) for service in the Current and Objectives Forces.
The Security Accreditation Team comprises one (1) security-focused System Engineer Lead and five (5) Specialist Security Engineers. The team will be tasked with the security effort required to formally accredit and introduce IIP-delivered LCS into service, re-accredit in-service LCS on major upgrade or design change, and accredit LCS innovations introduced into service.
The Senior GRC Team Leader can expect to assess for accreditation a variety of systems, from standalone software packages to complex tactical deployable networks with gateway interfaces to national strategic and coalition networks. Principally these networks will be critical elements of capability to be delivered to the joint land force, linked to projects within the nine Land Capability Programs.
It is expected that the majority of services under this contract will either be delivered at the facility in Canberra or remotely (subject to requirements). Some interstate travel may be required to support project stakeholder acquisition and sustainment activities or working groups, as well as field trials or exercises.
Deliverables:
Conduct security due diligence, compliance, risk management and assessment-related activities inclusive of producing technical security documentation, maintaining configuration management, and conducting security-based audits of classified land mission systems and networks.
1. These activities are to be in accordance with the ICT Certification and Accreditation Framework and relevant Australian Communications Security instructions.
2. A System Security Accreditation Plan is required to be developed and maintained.
Engage with other departments and internal staff to develop project or capability-specific security documentation, including its submission for endorsement and approval and to support security accreditation by the Accreditation Authority, and the conduct of regular audits against ISM and DSM compliance requirements.
Provide technical information security and security accreditation subject matter expertise into:
1. Workshops discussing system (hardware and software) integration.
2. Development of relevant training packages and courses related to security architectures, in-force ICT security accreditation, and policy inclusive of procedures to be undertaken by equipment operators and capability staff to maintain accreditation.
3. Development of system architecture and design documentation.
4. Architectural development and Function and Performance Specification development to support generalist military staff across Programs.
5. Cross Domain Solution design and development.
Conduct information and mission system security reviews, as well as periodic threat and risk assessments, and propose remediation options to minimise risk or meet compliance criteria.
Attend workshops and actively participate, or lead, to provide robust ICT security advice within information security and technical accreditation discussions, as required.
Produce information security reports post conduct of trials, including analysis within technical risk profiles and recommendations for improvement.
Report to and undertake additional tasking from the Deputy Director as required.
Required Skills and Experience:
* Certified Information Systems Security Professionals.
* Certified, or have experience in the Department of Defence Information Security Registered Assessors Program (IRAP).
* Formally trained in information security management systems (e.g. ISO 27001) and have a strong understanding of how this can be applied within Defence ICT domains and CIOG processes.
* Have detailed knowledge of information security policy applicable to the Department of Defence including: Protective Security Policy Framework, Information Security Manual, Defence Security Principles Framework, and the ASD Essential Eight and Strategies to Mitigate Cyber Security Incidents.
* Have extensive (greater than seven years) experience in ICT Information Security or ICT Security Architectures, preferably with deployable communications network systems in the Defence domain.
* Have a detailed understanding of deployable communication and information systems (CIS) operation, including staff processes within operational and tactical headquarters.
* Have knowledge of CIS service delivery frameworks, including ITIL.
Location of work: Canberra, ACT
Length of contract: February 2025 – February 2026, extension options available upon business funds availability (2x12 mths).
Security Requirements: Due to the nature of this role, you must be an Australian citizen and hold current NV1 or higher security clearance.
How to Apply: Please upload your resume to apply. Please note you will need to complete selection criteria to complete this application process. Candidates will need to be willing to undergo pre-employment screening checks, which may include ID and work rights, security clearance verification and any other client-requested checks. We will be in touch with instructions for suitably skilled candidates.
Applications open until 27 November 2024 at midday. Please call Connie on 0480 002 453 to talk further.