This is a Permanent full-time position based in Mel/Syd/Brisbane/Adelaide/Perth.
AEMO at the Heart of Energy
We are the Australian Energy Market Operator (AEMO), committed to designing and operating a sustainable energy system that delivers safe, reliable, and affordable electricity and gas. Our mission includes facilitating the transition to a net-zero energy system by 2050, working collaboratively with industry partners to achieve 100% renewable generation capability by 2025. We have the once-in-a-lifetime opportunity to co-design the future of our energy systems, and our core values revolve around Character, Commitment, and Connection.
Join us, as we contribute to this significant mission in the energy sector!
About the Team & the Position
AEMO is a recognised leader and exemplar of effective cyber security within the energy sector domestically and internationally so that. the Australian energy sector is prepared for and resilient to all the cyber threats.
As the Senior Cyber Assurance and Risk Analyst, you will work with peers in cyber security, digital and across the broader business to conduct cyber assurance activities on proposed solution designs, business processes, supply chain and change initiatives to ensure compliance with the cyber security requirements. You will assist business owners take risk informed decision by preparing and presenting comprehensive cyber risk assessment.
This role plays an important part in delivering secure future energy and market systems that will be delivered under a range of energy sector initiatives.
Success in this role requires outstanding communication skills as well as extensive experience with and knowledge of contemporary adversary tradecraft, defensible architecture principles and control and maturity frameworks.
Position Responsibilities
* Identify the inherent cyber security risks associated with the business cases and propose the cyber security functional and non-functional requirements.
* Perform threats and controls assessment of the proposed conceptual and solution architecture designs and identify risks associated with the cyber security control gaps. Generate comprehensive risk assessment reports in alignment with AEMO's Enterprise risk management framework and security standards.
* Perform cyber assurance on the supply chain and identify potential threats and risks to AEMO
* Review/analyse third party attestation and certification artifacts (SOC2, SIG, NIST, ISO 27001/2 Certifications, etc.) shared by third parties to identify the information security risks.
* Document risk assessment consistent with AEMO's corporate Enterprise Risk Management framework
* Work closely with technical architects and SMEs, to drive remediations of the identified control deficiencies.
* Assess impacts of technical changes such as firewall rule, privileged access etc.
* Perform cyber assurance activities as part of the operational readiness to make sure solutions being deployed have implemented all cyber security requirements.
* Manage engagement with projects for the entire life of the project. Building strong relationship with stakeholders across AEMO
* Contribute towards improving the overall cyber assurance and risk processes and templates.
* Maintain high degree of familiarity with AEMO cyber security policies, standards, and procedures. Other duties as required and directed
Position Requirements
Skills & Experience:
* Strong experience in ‘technical cyber security assurance and risks function’ preferably with critical infrastructure in the Energy Sector.
* Detailed understanding of contemporary adversary tradecraft, effective controls, and models for adversary emulation (including Mitre ATT&CK)
* Good understanding of technological trends and developments in information security and risk management.
* Proven experience in the application of security control and maturity frameworks such as ISM, NIST-CSF, AESCSF, CIS 18 / NIST 800-53, NIST 800-82
* Expertise in identifying the control gaps and converting impacts in the business acumen language with the ability to unwind complex cyber/information security issues for a variety of technical and non-technical audiences.
* Audit experience such as IRAP assessment, AESCSF assessment is preferred.
* Abreast with the Information Security frameworks, standards and best practices, and audit, risk, and compliance requirements
* Good understanding in broad range of IT and security technologies, including:
o Identity and Access Management
o Contemporary endpoint detection and response, vulnerability detection and management.
o Next generation web proxies, email gateways and firewalls.
o TCP/IP, Network Switches and Routers Network Firewalls and WAF's, Active Directory, Microsoft Servers, Linux Servers, VMware Servers, - Web Servers, Database Servers, Messaging Systems, IAM systems, PKI, Encryption.
o SIEM, Security Log Analysis, Microsoft Sentinel, Incident Response Tooling, Forensic Tooling, Virtual security analysis environments.
o Microsoft Azure and Microsoft defender security capabilities, tooling, and practices.
* Prior experience of solution architect or security architect is preferred.
Education/ professional Certifications:
* Tertiary qualifications in computer science or technology-related field, or equivalent work or education-related experience
* CRISC, CISA or other relevant certifications desirable
In return some of our benefits to you
* Flexible working: work from home, part time, job share, hybrid options, and additional leave options
* Professional development via projects, industry networks, job rotation, study assistance and more.
* Give back with up to 4 days of volunteering leave per year.
* Embrace a healthier you with our wellness program, discounted health insurance, gym perks and our comprehensive Employee Assistance Program (EAP).
About Our Process
AEMO values diversity and inclusivity in the workplace, welcoming applications from all backgrounds without regard to age, disability, gender, sexual orientation, parental status, race, or religion.
If you would like to know more about working at AEMO, please check out our careers page for more information.