Security Architect (PROJ-4251)

Canberra
5 February 2025
PV
Application ends: 12 February 2025
$160 - $185

Job Description

Remote requires a Security Architect to join the team at ASD to analyse and assess complex technical systems as part of the authority to operate process. They will require in-depth knowledge of, and compliance with, legislative frameworks, government decision-making and the Australian Signals Directorate’s mission and policy requirements.

Role Description

Job Duties and Responsibilities

  • Analyse and assess technical systems as part of authority to operate procedures.
  • Manage relationships with various technical teams in support of efforts to secure their systems.
  • Manage the team’s relationship with Mission Data Division stakeholders and other ASD stakeholders.
  • Work with external partners to assist their technical systems in obtaining authority to operate status.
  • Determine security requirements by evaluating business strategies and leading threat risk assessment activities; research information security standards; conduct system security and vulnerability analyses and risk assessments.
  • Architect solutions that deliver to the ASD Mitigation strategies and meet the Australian Government Protective Security Policy Framework (PSPF and the Australian Government Information).
  • Review existing system security measures, recommend and implement enhancements.
  • Develop, deliver and update the System Accreditation Plan (SAP) and Security Risk Management Plan (SRMP) to ensure Capability solution architecture/design(s) can sufficiently mitigate the identified threats.
  • Analyse, design, develop, deliver and maintain the security perspective of a Cyber Security Capability.
  • Liaise with certification and accreditation authorities, business stakeholders and solution architects to drive a solution/design to an accreditation outcome.
  • Review internal/externally developed security engineering artefacts to ensure that all security requirements are addressed.
  • Advise Program Design Authority on system security threats, risks and mitigations.

Candidates must have the following technical skills:

  • At least 5 years’ experience as a security architect working across security architecture, security and risk management, communication and network security or security operations domains.
  • Experience ensuring technical systems adhere to Essential Eight, ISM, ISO:27001 and PSPF frameworks.
  • Proven ability to communicate complex technical systems to non-technical audiences.
  • Excellent organisational and communication skills.
  • Proven record building, managing, and enhancing relationships with stakeholders.
  • Experience developing, managing, and implementing SOPs and procedures in support of security accreditation frameworks.

Candidates should have the following:

  • Bachelor’s degree in Information Technology.
  • Experience managing complex projects.
  • Experience with the use of cloud-based technologies.

Essential criteria

  • Information assurance: Level 5 (SFIA) Interprets information assurance and security policies and applies these to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Plans, organises and conducts information assurance and accreditation of complex domain areas, cross-functional areas, and across the supply chain. Contributes to the development of policies, standards and guidelines.
  • Information security: Level 5 (SFIA) Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Develops new architectures that mitigate the risks posed by new technologies and business practices.
  • Systems design: Level 5 (SFIA) Designs large or complex systems and undertakes impact analysis on major design options and trade-offs. Ensures that the system design balances functional and non-functional requirements. Reviews systems designs and ensures that appropriate methods, tools and techniques are applied effectively. Makes recommendations and assesses and manages associated risks. Adopts and adapts system design methods, tools and techniques. Contributes to development of system design policies, standards and selection of architecture components.
  • Security operations: Level 5 (SFIA) Monitors the application and compliance of security operations procedures. Reviews actual or potential security breaches and vulnerabilities and ensures that they are promptly and thoroughly investigated. Recommends actions and appropriate control improvements. Ensures that security records are accurate and complete and that requests for support are dealt with according to agreed procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.