We are currently looking for an Information Security Officer with a high-profile government department. The right candidate will undertake an assessment to determine the information classification and understand the threat profile / business risk of hosted applications for the 'as a service' program of work.
The Information Security Officer will:
- Undertake an assessment to determine the information classification and understand the threat profile (business risk) of hosted applications and information holdings to inform the as-a-service program of work that is currently assessing where IT workloads are able to be hosted.
- Undertake detailed ICT security risk assessments on new and existing infrastructure and services (e.g. on premise, IaaS, PaaS, SaaS, BUaaS, Private and Public Cloud) including recommending mitigation strategies and designing practical business process and technical solutions.
- Provide expert information security advice and practical solutions to ICT and project staff, senior management and key stakeholders.
- Implement an Information Security framework that addresses audit, risk and issue, and compliance with Australian Signals Directorate (ASD), Queensland State Government Information Standard IS18 and the Australian Government Protective Security Policy Framework.
- Manage the development procedures, controls and guidelines for multiple platforms and diverse system environments including solutions for ICT network security and ensure their compliance.
- Manage incident response planning and coordinate ICT security activities for the Program, including establishing and managing virtual teams, regular security audits, intrusion prevention, vulnerability management, detection systems, border and gateway security, incident assessment and investigation, and reporting on serious ICT security breaches, ensuring all identified breaches in security are promptly and thoroughly investigated.
- Establish strong working relationships and communicate security related concepts to a broad range of technical and non-technical clients, key stakeholders and external consultants in a confidential manner and develop Information Security Awareness Training programs for staff.
- Demonstrated sound knowledge and experience in the management of projects.
- Proven ability to undertake detailed ICT security risk assessments on new and existing infrastructure and services (e.g. on premise, IaaS, PaaS, SaaS, BUaaS, Private and Public Cloud) including recommending mitigation strategies and designing practical business process and technical solutions.
- Demonstrated skill and experience in providing expert information security advice and practical solutions to ICT and project staff, senior management and key stakeholders.
- Experience in implementing information security procedures, guidelines and solution designs for multiple Information Technology (IT) platforms and diverse system environments.
Apply here! Or for a confidential discussion please call Elisha Saggar / Carrie Watts on 0733197502 and quote the job ref number 197591.