Lead Cyber Security Officer (PROJ-4353)

Canberra
2 April 2025
NV1
Application ends: 8 April 2025
$140 - $165

Job Description

Remote is seeking a highly skilled and dedicated Cyber Security Officer to join the elite Cyber Security Branch in DFAT. In this role, you will play a critical part in safeguarding DFAT’s ICT assets and ensuring compliance with industry standards and regulations. This position is primarily responsible for coordinating the implementation and assessment of the Essential Eight mitigation strategies, as outlined by the Australian Cyber Security Centre (ACSC).

As the Essential Eight Coordinator, you will lead efforts to enhance our cyber security posture by ensuring these strategies are effectively implemented and maintained. You will work closely with cross-functional teams to assess the maturity of our security measures, identify areas for improvement, and provide recommendations to mitigate risks.

In addition to your focus on the Essential Eight, you will conduct comprehensive ICT audits, develop and implement security policies, and monitor security incidents to ensure our organization remains resilient against evolving cyber threats. Your expertise in the Protective Security Policy Framework (PSPF) will also be crucial in aligning our security practices with government standards and requirements. (LH-02416)

Role Description

Job Specific role description

  • Provide advice to DFAT business areas to understand, identify, and document key controls to ensure key risks with PSPF and E8 compliance and obligations are adequately managed.
  • Assist in reporting assurance activities and results to senior leadership.
  • Develop and maintain strong stakeholder relationships in cyber.
  • Effectively engage with 1st and 3rd Line of Defence stakeholders regarding risk and compliance assurance activities, including control testing, recommendation development and finding/remediation monitoring.
  • Coordinate and complete cross-functional assurance activities, including design and operating effectiveness assessments.
  • Monitor and track the completion of controls testing and assurance activities across the business.

Essential criteria

  • Experience: Minimum 3 years’ experience in ICT auditing or related fields within a government context.
  • Knowledge of Australian Government compliance frameworks; the Essential Eight and the Protective Security Policy Framework.
  • Minimum active Negative Vetting Level 1 (NV1) security clearance.

Desirable criteria

  • Tertiary education and certifications in information security and ICT assurance and audit domains, such as the Certified Information Systems Auditor (CISA), are beneficial.
  • Familiarity with Australian Government policies, guidelines, and initiatives is advantageous.
  • Strategic & Communication Skills: Ability to simulate advanced threat scenarios, manage multiple high-priority projects, and communicate complex issues to high-level officials.