Cyber Security Assessors

Job Type: Contract
Posted: over 2 years ago
Contact: Josie Bandiola
Discipline:
Reference: 241226_1637279099

About You

The Cyber Security Assessor conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls.

The person will possess broad knowledge in:

  • Current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilising standards-based concepts and capabilities
  • Cyber security and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data
  • Cyber threats and vulnerabilities
  • Critical information systems with information communication technology that were designed without security considerations

The person will possess skills in:

  • Performing risk assessments and reviews of systems
  • Technical writing, including developing and editing assessment products
  • Interpreting vulnerability scanner results to identify vulnerabilities
  • Interfacing with customers
  • Preparing and presenting briefings

The Cyber Security Assessor's major responsibilities include:

  • Develop security compliance processes and/or audits for external services
  • Assess the effectiveness of security controls
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk management strategy
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
  • Participate in Risk Governance processes to provide security risk, mitigations and input on other technical risk

There is an expectation that successful candidates will work 5 days per week (estimated 40-hour week). Onboarding is in Canberra, noting there may be a requirement for occasional short-term travel within Australia.

You will have (Weighting %)

  • Demonstrated understanding of current industry methods for evaluating, implementing and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilising standards-based concepts and capabilities. 30%
  • Experienced in the development of security compliance processes and/or audits of external services. 20%
  • Experienced in performing security reviews and identifying security gaps in security architecture resulting in recommendations for inclusion in the risk management strategy. 20%
  • Experienced in assessing the effectiveness of security controls. 10%
  • Demonstrated knowledge of cyber security and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data. 10%
  • Demonstrated knowledge of cyber threats and vulnerabilities. 10%

For more information or to apply, please contact Josie Bandiola on 02 9054 8710 quoting Job Reference: 241226