Senior ICT Security Specialist (PROJ-4211)

Job Duties and Responsibilities

• Lead and manage the review and preparation of technical systems for assessment and analysis by IT Security.
• Lead and manage relationships across the division with various technical teams in support of efforts to secure their systems.
• Lead and manage the team’s relationship with IT Security.
• Undertake ICT system security control assessments, liaising with project and capability stakeholders to achieve milestones.
• Contribute to ICT Security policy implement practices, technologies and governance in accordance with the agency's security strategy.
• Lead and provide SME advice on ICT system security documentation including architectures, designs and configurations to reduce the risk of capabilities subject to assessment.
• Lead efficient and effective ICT security threat and risk assessment activities, applying developing tools as needed.
• Work with external partners to assist their technical systems in obtaining authority to operate status.
• Develop, maintain, and uplift security documentation processes and frameworks.
• Ability to conduct threat assessment modelling of technical systems, including the use of methods such as STRIDE or MITRE frameworks

Candidates must have the following technical skills:

• At least 2 years’ experience as a security specialist working across security architecture, security and risk management, communication and network security or security operations domains.
• Experience ensuring technical systems adhere to Essential Eight, ISM, and PSPF frameworks.
• Proven ability to communicate complex technical systems to non-technical audiences.
• Excellent organisational and communication skills.
• Proven record building, managing, and enhancing relationships with stakeholders.
• Experience developing, managing, and implementing SOPs and procedures in support of security accreditation frameworks.

Candidates should have the following:

• Bachelor’s degree in Information Technology.
• Experience managing complex projects.
• Experience with the use of cloud-based technologies.

Essential criteria

• SCAD 5 (Security Operations): Monitors the application and compliance of security operations procedures. Reviews actual or potential security breaches and vulnerabilities and ensures that they are promptly and thoroughly investigated. Recommends actions and appropriate control improvements. Ensures that security records are accurate and complete and that requests for support are dealt with according to agreed procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.

• ARCH 5 (Solutions Architecture): Leads the development of solution architectures in specific business, infrastructure or functional areas. Leads the preparation of technical plans and ensures that appropriate technical resources are made available. Ensures that appropriate tools and methods are available, understood and employed in architecture development. Provides technical guidance and governance on solution development and integration. Evaluates requests for changes and deviations from specifications and recommends actions. Ensures that relevant technical strategies, policies, standards and practices (including security) are applied correctly.

• SCTY 5 (Information Security): Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Develops new architectures that mitigate the risks posed by new technologies and business practices.

Desirable criteria

• PBMG 4 (Problem Management): Initiates and monitors actions to investigate and resolve problems in systems, processes and services. Determines problem fixes and remedies. Collaborates with others to implemented agreed remedies and preventative measures. Supports analysis of patterns and trends to improve problem management processes.