Sydney or Melbourne location. Other locations considered Salary from $178,498 15.4% superannuation Two Year Fixed Term Contract Hybrid working environment A future with ASIC means that your work will contribute to ASIC's vision for a fair, strong and efficient financial system for all Australians. We value what you will bring. We value those with sharp, analytical minds and are open to challenging the way things are done. The team Cyber Security provides a wide range of services including security architecture & design, incident response and cyber assurance for ASIC. We make use of the latest security technology with an increasing focus on automation and analytics to secure and support ASIC on its journey to be a 'best in class regulator supporting the Australian financial markets. The role As a Cyber Security Architect, you provide security leadership for design, implementation, integration, and oversight of cloud-based and hybrid systems' security solutions with an emphasis on securely facilitating business operations. As part of the role, you will also support other architectural teams and the Cyber Uplift Program of work. You will be accountable for: Working as an internal customer-facing specialist leading in-depth technical security architecture designs and assessments with solution architects, developers, and other technical & business stakeholders Defining technologies, security controls, and operating protocols that protect data hosted in the cloud from loss, inappropriate alteration, or misuse Assessing the completeness and effectiveness of security controls and solutions to identify capability gaps, security weaknesses and potential attack vectors Assessing SaaS and PaaS services against the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) and industry cloud security control frameworks Working with solution architects to enhance the security controls on the existing technology platforms, services, and solutions Performing / coordinating threat modelling and architecture design review sessions to identify the completeness of solution's security controls Contributing to the Cyber Security architecture principles, patterns, roadmaps, frameworks and building blocks Coordinating and facilitating the onboarding of technology services and solutions into the SOC threat monitoring program, including identification of how solution-specific attacks would be captured and recorded Creating and maintaining cyber security documentation including solution designs, assessment reports and architectural artifacts Assisting the Cyber Security Team Leads with the continual improvement of the cyber security tooling, processes, culture, and service provision About you A tertiary qualification and/ or equivalent experience in a cyber security role with demonstrated experience as a security architect Demonstrated knowledge & experience in: Defining, designing, and overseeing the implementation of secure solution architectures for AWS or Azure hosted solutions in alignment with appropriate platform security standards & frameworks Defining, designing, and overseeing the implementation of secure solution architectures for endpoint security, internet gateway, IPS/IDS and network device infrastructure Experience providing leadership (from an architectural perspective) regarding Security Operations Centre (SOC) tools and threat hunting activities utilising Microsoft Sentinel Using industry security control frameworks and standards, including NIST and ISO 27001, as well as those applicable to Australian Government entities, including the ACSC ISM and the ASD Essential Eight, to design secure solutions Performing threat modelling and design reviews to identify security requirements for new technologies, services, and systems Championing and overseeing the design and implementation of secure solutions and good security practices amongst peers in a broader IT architects' community Designing solutions using common industry standard cloud-native authentication and authorization mechanisms, MFA and SSO; in-depth knowledge of IAM architectures A clear understanding of enterprise-scale cloud and hybrid cloud infrastructure security Experience working with cloud security and governance tools including CASBs and CSPMs Technical aptitude and the experience to continually learn new security technologies and understand relevant security market trends Demonstrable skills in assessing, analysing, and resolving complex client and stakeholder related queries, utilising all relevant sources of information, media and stakeholder channels, data, reporting, systems and/or databases Excellent interpersonal and consultative skills Ability to effectively present complex information to project and senior level audiences both verbally and in writing. Ability to work independently with limited supervision and be accountable for outcomes Experience working collaboratively with multifunctional project teams, building, and maintaining productive working relationships. Formal security certifications are desired but not essential. Examples include Certified Information Systems Security Professional (CISSP), CISSP-ISSAP, SABSA Chartered Security Architect, Certified Cloud Security Professional (CCSP), or related cloud provider's security architecture certification. About ASIC ASIC's remit is one of the broadest of regulators across the world. ASIC regulates corporations, markets, financial services and consumer credit and monitors and promotes market integrity and consumer protection in the Australian financial system. Through our enforcement work, we hold to account those who contravene the law, working to achieve strong outcomes that address the greatest consumer and investor harms. Through Moneysmart, we aim to improve the skills and knowledge of Australians and provide information and tools to help them in their decision making. A future with ASIC means that your work will contribute to achieving ASIC's vision for a fair, strong, and efficient financial system for all Australians. ASIC is committed to a providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. Indigenous Australians are encouraged to apply as well as applicants from all backgrounds and with different abilities. To work with us, you need to be an Australian citizen, and be prepared to complete an ASIC Suitability and Baseline Assessment which is issued ASIC's Security team. View the position description for more information or click ‘apply' to start your application. Please include a brief resume. Applications for this role will close at 11:59pm on 25 November 2024.