Assessment and Authorisation

Location:

Melbourne CBD

Work Type:

Permanent

Industry:

Cyber / Information Security

Contact Name:

Nick Reddy

Contact Phone:

03 8080 7260

Date Published:

17-Apr-2026

Assessment and Authorisation – Security Analyst
📍 Melbourne | 🧑‍💻 Mid–Senior (2–5 years)
📌 Permanent Role
💰 Salary on offer up to $100,000 (incl. super)
Be part of a high-performing team delivering large-scale, mission-critical systems, with a strong emphasis on modernisation initiatives.
🔐 Due to the secure nature of the role, Australian Citizenship is required.
 
About the Role  
 
Job Description:
We are seeking an experienced and results-driven Security Assessment and Authorisation (A&A) consultant to perform security risk management and assurance activities across systems, applications, and third-party services. The role ensures that systems meet required security standards, that risks are properly assessed and documented, and that authorisation is obtained and maintained.
 
This position works closely with system owners, architects, project teams, cybersecurity specialists, and compliance stakeholders to guide them through the A&A lifecycle and ensure alignment with organisational, regulatory, and Australian government frameworks.
 
Key Responsibilities:
  • Security Risk Management
    • Conduct risk assessments to identify, evaluate, and mitigate security risks across projects and operational environments.
    • Facilitate risk workshops with stakeholders to capture and validate security risks.
    • Monitor and report on risk status, treatment progress, and residual risk to governance forums.
    • Ensure security controls are implemented and tested to mitigate identified risks effectively.
    • Help project-manage day-to-day tasks with the manager and program leads.
  • Security Assessment and Authorisation
    • Execute system security authorisation processes in accordance with ISM (Information Security Manual) and the client's security requirements, including Risk Management Framework (RMF) steps.
    • Prepare and maintain risk assessments and accreditation documentation.
    • Ensure compliance with security controls for governance, identification, protection, detection, and response functions.
  • Maintaining Compliance
    • Develop and maintain security documentation as per the client's security guidelines (e.g., security policies, procedures, incident response plans).
    • Support compliance obligations by adhering to the ISM and the Australian Government’s security compliance requirements for classified and controlled information handling.
    • Maintain accurate records of security authorisations, exceptions, and audit evidence for accreditation reviews.
  • Stakeholder Engagement
    • Liaise with Authorising Officers, system owners, and project teams to ensure security documentation meets the client's required standards.
    • Provide guidance on ISM, Essential Eight, and the Department’s specific security controls during project delivery.
  • Monitoring & Reporting
    • Support the establishment and ongoing management of GRC (Governance, Risk and Compliance) tooling.
    • Track and report on security authorisation status, documentation, deliverables, and compliance gaps.
    • Assist in continuous monitoring activities and maintain documentation for audits and inspections.
 
Qualifications and Skills:
  • Education & Certifications
    • Bachelor’s degree in Cybersecurity, Information Technology, or related field.
    • Certifications such as CISM, CRISC, CISSP, IRAP Assessor, or equivalent security accreditation experience preferred.
  • Technical Knowledge
    • Strong understanding of Australian PSPF and ISM cybersecurity principles and NIST guidelines (Govern, Identify, Protect, Detect, Respond).
    • Deep understanding of the Essential 8 requirements for classified information and processes.
    • Experience with security documentation (Accreditation packages).
  • Skills
    • Excellent documentation and organisational skills with attention to detail.
    • Ability to interpret and apply ISM and security controls in practical scenarios.
    • Experience with collaboration tools (e.g., SharePoint, Confluence).
    • Familiarity with security GRC (Governance, Risk and Compliance) platforms.
    • Strong communication skills for engaging operational and business stakeholders.
 
Security Clearance
  • Current Baseline Security Clearance and willingness to upgrade to NV1
  • Australian Citizens with ability to obtain a clearance considered

Keywords for search purposes -  Security Analyst, Cyber Security Analyst – Governance Risk & Compliance, Information Security Analyst, GRC Analyst (Junior / Associate), Security Compliance Analyst, Risk & Assurance Analyst (Cyber), Cyber Security Officer, ICT Security Analyst
 
If you are keen to learn more, feel free to give me a call on 📱03 8080 7260 or send your resume to 📎nick.reddy@peoplebank.com.au.

We are always happy to speak with talented professionals and referrals are highly encouraged and appreciated.
 
🔗 Do not miss this great opportunity


Peoplebank and Leaders IT are committed to creating a diverse and inclusive workplace where everyone belongs. We welcome applications from people of all backgrounds, identities, and experiences. If you need adjustments to the recruitment process due to your circumstances, please let us know—we’re here to support you.