ICT Specialist Security Assessors (PROJ-4384)

Canberra
30 April 2025
PV
Application ends: 12 May 2025
$155 - $175

Job Description

Remote is seeking ICT Specialist Security Assessors to join the team at ASD. The ICT Specialist Security Assessors will be part of a Cyber assessment team that is responsible for reviewing systems architecture, including security documentation, to assess the design and implementation effectiveness of security controls. The ICT Specialist Security Assessors will undertake complex technical assessment activities in information and cyber security and undertake objective systematic analysis and draw accurate conclusions based on evidence, providing detailed technical, operational, professional and procedural advice in relation to complex information and cyber security activities. These may include software development, system administration, incident response, cyber forensics, specialist electronics and engineering, mathematics and vulnerability analysis and research. (LH-02780)

Role Description

Job Duties and Responsibilities

  • Undertake complex technical assessment activities in information and cyber security.
  • Undertake objective systematic analysis and draw accurate conclusions based on evidence, providing detailed technical, operational, professional and procedural advice in relation to complex information and cyber security activities. These may include software development, system administration, incident response, cyber forensics, specialist electronics and engineering, mathematics and vulnerability analysis and research.
  • Work within a framework of legislation, established industry principles, work practices and procedures in accordance with ASD’s mission and business objectives.
  • Represent ASD Trust & Assurance branch to Defence & Other Government Organisations’ security stakeholders to ensure the TS ICT Authorisation Framework is applied in a consistent and coordinated fashion.
  • Liaise with multiple projects and capability stakeholders to assist in design and documentation of ICT system security controls. Identify relevant stakeholders’ expectations and concerns to develop a clear understanding of the methodology and practices to achieve outcomes.
  • Define scope of the assessment, assess the security controls and produce security assessment reports in accordance with ISM and PSPF standards.
  • Develop assessment briefs and presentations for senior decision makers to support capability’s authorisation to operate.
  • Contribute to enhancement of ICT security policy and documentation, and implement practices, technologies and governance.
  • Role will require some travel and may require some role-specific interstate travel.

Technical Skills Required

  • IRAP certified
  • At least 2 years’ experience as a security specialist working across security architecture, security and risk management, communication and network security or security operations domains.
  • Experience ensuring technical systems adhere to Essential Eight, ISM, and PSPF frameworks.
  • Proven ability to communicate complex technical systems to non-technical audiences.
  • Excellent organisational and communication skills.
  • Proven record building, managing, and enhancing relationships with stakeholders.
  • Experience developing, managing, and implementing SOPs and procedures in support of security accreditation frameworks.

Essential criteria

  • SCTY 5: Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
  • INAS 5: Interprets information assurance and security policies and applies these in order to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Uses testing to support information assurance. Contributes to the development of policies, standards and guidelines.
  • BURM 5: Plans and implements complex and substantial risk management activities within a specific function, technical area, project or programme. Implements consistent and reliable risk management processes and reporting to key stakeholders. Engages specialists and domain experts as necessary. Advises on the organisation's approach to risk management.
  • PRGM 5: Takes full responsibility for the definition, approach, facilitation and satisfactory completion of medium-scale projects. Provides effective leadership to the project team. Adopts appropriate project management methods and tools. Manages the change control process and assesses and manages risks. Ensures that realistic project plans are maintained and delivers regular and accurate communication to stakeholders. Ensures project and product quality reviews occur on schedule and according to procedure. Ensures that project deliverables are completed within agreed cost, timescale and resource budgets, and are formally accepted by appropriate stakeholders. Monitors costs, times, quality and resources used and takes action where performance deviates from agreed tolerances.

Desirable criteria

  • Advises on the available standards, methods, tools and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes and evaluates work to time, cost and quality targets. Assesses and evaluates risk. Communicates effectively, both formally and informally. Demonstrates leadership. Facilitates collaboration between stakeholders who have diverse objectives. Takes all requirements into account when making proposals. Takes initiative to keep skills up to date. Mentors colleagues. Maintains an awareness of developments in the industry. Analyses requirements and advises on scope and options for continuous operational improvement. Demonstrates creativity, innovation and ethical thinking in applying solutions for the benefit of the customer/stakeholder.
  • Influences organisation, customers, suppliers, partners and peers on the contribution of own specialism. Builds appropriate and effective business relationships. Makes decisions which impact the success of assigned work, i.e. results, deadlines and budget. Has significant influence over the allocation and management of resources appropriate to given assignments.