Job Information
CYOS Solutions Cyber Security Risk Assessor in Remote, Australia
Application closing date: Monday, 25 November 2024 • 11:59pm, Canberra time
Estimated start date: Monday, 06 January 2025
Location of work: NSW
Working arrangements: Subject to negotiations with line manager, hybrid working arrangements in line with current NDIA policy are available (minimum of 3 days each week in the office, with flexible arrangements in place for the remaining 2 days).
Length of contract: 12 Months
Contract extensions: 1x 12 months
Security clearance: Must have NV1 Clearance
Rates: $100 - $130 per hour (inc. super)
The National Disability Insurance Agency (NDIA) is an independent statutory agency that is responsible for implementing the National Disability Insurance Scheme (NDIS), which will support a better life for hundreds of thousands of Australians with a significant and permanent disability and their families and carers. The NDIA values a positive contemporary attitude to disability.
The Cyber Security and Resilience Branch implements the requirements of government security policies and frameworks. This is achieved by providing strategic, tactical and operational Agency-wide oversight of Cyber Security and Operations. The Cyber Security & Resilience Team is responsible for identifying key security risks in the ICT environment and ensuring the NDIA is able to identify, mitigate and be resilient to cyber threat activity.
The team develops, governs, and maintains an enterprise data warehouse as well as the NDIA's reporting platforms and production content. They design and build Business Intelligence (BI) interventions and prototype analytic solutions and reports, identifying trends and drivers of performance.
The Cyber Security Risk Assessor is accountable under broad direction to undertake very complex work that delivers quality outcomes across the diverse functions of the NDIA. The position is required to coordinate and assume responsibility to undertake detailed or sensitive projects that may include performing varied activities involving many different and unrelated processes or methods that may impact on the strategic or operational outcomes that support the NDIA's objectives to “build a wor¹ld-leading National Disability Insurance Scheme”.
The Cyber Security Risk Assessor is responsible for actively managing key internal and external stakeholder relationships and where required will represent and negotiate on behalf of the NDIA to advance the NDIA's interests across a range of forums.
Responsibilities of the role include but are not limited to:
Leading and conducting security risk analysis of NDIA internal systems and assessing the cyber threat, inherent vulnerabilities and the likelihood and consequences of adverse threat activity.
Implementing better-practice methodologies and risk management practices aligned with MITRE Att&ck Framework, NIST, ISO 31000/ISO 27001 and the PSPF.
Developing and managing the production of multiple system-specific security documentation artefacts, including Statement of Applicability, System Security Plan, Security Risk Management Plan, Cyber Security Incident Response Plan, Continuous Monitoring Plan and Security Assessment Plan.
Developing and managing Authority to Operate artefacts and managing security risks and controls uplift activities arising from cyber security risk analysis.
Developing targeted security risk advice to allow the NDIA to prevent, detect and respond to cyber threat activity. • Developing IT security standards, policy, procedures, and controls for managing risks in a dynamic threat environment.
(NOTE: the key responsibilities of the role are based on current priorities and may change over time)
Essential Criteria
5 years-plus experience in cyber security with significant knowledge of cyber security risk concepts/Frameworks and their application in Government ICT systems
High-level communication and influencing skills
Degree in Computer science or related field, CISM, CISSP.