ICT Security, Governance, Risk and Compliance (PROJ-4605)

Key duties and responsibilities

The primary goal of this role is to support an OFFICIAL: Sensitive cloud-based Internet gateway prepare for and go through an IRAP assessment. This includes:

• Support the system owner and system manager to define the system boundary for IRAP assessment.
• Identify areas of non-compliance and provide input to the prioritisation of these elements for remediation.
• Develop IT security documentation required to support an IRAP assessment.
• Review and provide input to system design that underpins IT security documentation.
• Engage with an independent IRAP assessor, provided by the Commonwealth, to ensure effective documentation delivery.
• Engage with existing AGO ICT Security team and technical sustainment personnel to ensure knowledge transfer throughout the process.

A secondary goal of this role is to support other AGO systems prepare and go through the ASD or Defence-based authorisation process. Any work associated with this goal will be agreed between AGO and the vendor on a case-by-case basis.

Essential criteria

• Support the system owner and system manager to define the system boundary for IRAP assessment.
• Identify areas of non-compliance and provide input to the prioritisation of these elements for remediation
• Develop IT security documentation required to support an IRAP assessment.
• Review and provide input to system design that underpins IT security documentation.
• Engage with an independent IRAP assessor, provided by the Commonwealth, to ensure effective documentation delivery.
• Engage with existing AGO ICT Security team and technical sustainment personnel to ensure knowledge transfer throughout the process.