Multiple IRAP Senior ICT Security Specialists APS6 PV
Canberra, Australia | Posted on 12/02/2025
Security clearance: Australian Citizen must have Positive Vetting
Job Description:
ICT Security Specialists will work independently with the opportunity for reasonable autonomy and accountability for the achievement of outcomes of their work. They will exercise both initiative and judgement in the interpretation of policy and in the application of practices and procedures. They will provide detailed information security technical, professional and policy advice in relation to complex work and contribute to strategic planning, program and project management and policy development.
Job Duties and Responsibilities
* Accountable to conduct security risk assessments and provide advice and guidance on the application and operation of procedural security controls.
* Responsible for ensuring that all identified breaches in information security are promptly managed according to the Australian Signals Directorate policies and procedures.
* Understand the security features and capabilities of current Australian Signals Directorate and industry accepted hardware and software products and provide advice to stakeholders.
* Use experience to explain systems security and the strengths and weaknesses that are relevant across the Australian Signals Directorate.
* Tailor communication style and language to provide guidance on security strategies to manage identified risks.
* Facilitate appropriate direction for the team by clearly communicating goals and objectives.
* Interpret security policy and contribute to the development of standards and guidelines that comply with the Australian Signals Directorate policy and procedures.
* Analyse and resolve identified security incidents in accordance with established procedures and recommend any required actions.
* Lead the application and compliance of security operations procedures and review information systems for actual or potential breaches in security.
* Build and sustain effective working relationships with team members and actively participate in teamwork and group activities.
Technical skills
* Certification as an Infosec Registered Assessors Program (IRAP) Assessor
* Experience ensuring technical systems adhere to Essential Eight, ISM, and PSPF frameworks
* Proven ability to communicate complex technical systems to non-technical audiences
* Excellent organisational & communication skills
* Proven record building, managing, & enhancing relationships with stakeholders
* Experience developing, managing, and implementing SOPs & procedures in support of security accreditation frameworks
Requirements
1. SCAD 3 - Security operations: Level 3 (SFIA) Investigates minor security breaches in accordance with established procedures. Assists users in defining their access rights and privileges. Performs non-standard operational security tasks. Resolves security events and operational security issues.
2. SCAD 4 - Security operations: Level 4 (SFIA) Maintains operational security processes and checks that all requests for support are dealt with according to agreed procedures. Provides advice on defining access rights and the application and operation of elementary physical, procedural and technical security controls. Investigates security breaches in accordance with established procedures and recommends required actions. Provides support and checks that corrective actions are implemented.
3. SCTY 4 - Information security: Level 4 (SFIA) Provides guidance on the application and operation of elementary physical, procedural and technical security controls. Explains the purpose of security controls and performs security risk and business impact analysis for medium complexity information systems. Identifies risks that arise from potential technical solution architectures. Designs alternate solutions or countermeasures and ensures they mitigate identified risks. Investigates suspected attacks and supports security incident management.
4. INAS 4 - Information assurance: Level 4 (SFIA) Performs technical assessments and/or accreditation of complex or higher-risk information systems. Identifies risk mitigation measures required in addition to the standard organisation or domain measures. Establishes the requirement for accreditation evidence from delivery partners and communicates accreditation requirements to stakeholders. Contributes to planning and organisation of information assurance and accreditation activities. Contributes to development of and implementation of information assurance processes.
#J-18808-Ljbffr