Reporting directly to the Head of Cyber and Information Security, you will work on the development, implementation and maintenance of Cybersecurity architecture and supporting the Information Security Program and Cyber Strategy.

Security and Privacy:

Information Security L5 - Defining and operating a framework of security controls and security management strategies.

• Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Contributes to development of information security policy, standards and guidelines.
• Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements.
• Develops new architectures that mitigate the risks posed by new technologies and business practices.

Strategy and planning:
Solution architecture L6 - Developing and communicating a multi-dimensional solution architecture to deliver agreed business outcomes.

• Leads the development of architectures for complex solutions ensuring consistency with agreed requirements.
• Establishes policies, principles and practices for the selection of solution architecture components.
• Manages trade-offs and balances functional, service quality and systems management requirements within a significant area of the organisation. Communicates proposed decisions to stakeholders.
• Coordinates and manages the target architecture across multiple projects or initiatives. Maintains a stable, viable architecture and ensures consistency of design and adherence to appropriate standards across multiple projects or initiatives.

Enterprise and business architecture L5 - Aligning an organisation's technology strategy with its business mission, strategy, and processes and documenting this using architectural models.

• Develops models and plans to drive the execution of the business strategy, taking advantage of opportunities to improve business performance.
• Contributes to creating and reviewing a systems capability strategy which meets the business's strategic requirements.
• Determines requirements and specifies effective business processes, through improvements in technology, information or data practices, organisation, roles, procedures and equipment 

Change and transformation:

Requirements definition and management L5 - Managing requirements through the entire delivery and operational life cycle.

• Plans and drives scoping, requirements definition and prioritisation activities for large, complex initiatives.
• Selects, adopts and adapts appropriate requirements definition and management methods, tools and techniques. Contributes to the development of organisational methods and standards for requirements management.
• Obtains input from, and agreement to requirements from a diverse range of stakeholders. Negotiates with stakeholders to manage competing priorities and conflicts.
• Establishes requirements baselines. Ensures changes to requirements are investigated and managed.

User experience analysis L5 - Understanding the context of use for systems, products and services and specifying user experience requirements and design goals.

• Determines the approaches to be used for user experience analysis.
• Plans and manages user experience and accessibility analysis activities.
• Provides expert advice and guidance to support the adoption and adaptation of agreed approaches.
• Develops user experience tools, techniques and standards as part of the organisation's framework for user-centred design

Development and implementation:

Software design L4 - Designing systems to meet specified requirements and agreed systems architectures.

• Designs system components using appropriate modelling techniques following agreed architectures, design standards, patterns and methodology.
• Identifies and evaluates alternative design options and trade-offs. Creates multiple design views to address the concerns of the different stakeholders and to handle functional and non-functional requirements.
• Models, simulates or prototypes the behaviour of proposed system components to enable approval by stakeholders.
• Produces detailed design specifications to form the basis for the construction of systems. Reviews, verifies and improves own designs against specifications.

Systems integration and build L4 - Planning, implementing and controlling activities to synthesise system components to create operational systems, products or services.

• Provides technical expertise to enable the configuration of system components and equipment for systems testing.
• Collaborates with technical teams to develop and agree system integration plans and report on progress. Defines complex/new integration builds. Ensures that integration test environments are correctly configured.
• Designs, performs and reports results of tests of the integration build. Identifies and documents system integration components for recording in the configuration management system.
• Recommends and implements improvements to processes and tools.

Data and analytics:

Data management L4 - Developing and implementing plans, policies, and practices that control, protect and optimise the value of data assets.

• Devises and implements master data management processes for specific subsets of data.
• Assesses the integrity of data from multiple sources.
• Provides advice on the transformation of data from one format/medium to another. Maintains and implements information handling procedures.
• Enables the availability, integrity and searchability of information through the application of formal data and metadata structures and protection measures.

Experience:

• 3 to 5 years of specialised skills and experience in information security, Government experience highly regarded.
• Ability to develop and define Cybersecurity architectures.
• Outstanding communication and interpersonal skills, with strong track-record of engaging with business users and understanding their security requirements.
• Understanding of Cyber and IT risk management principles and the ability to assess and prioritise cybersecurity risks in the context of asset and data protection.
• Certifications such as CISSP, CISM, ISSAP, Microsoft Cybersecurity Architect or equivalent are highly desirable.
• Diverse Cyber background with knowledge across a broad range of technologies, including and not limited to:
  • Identity management (EntraID)
  • Endpoint detection and Response (Trend Micro)
  • Governance, Risk and Compliance (ISO 27001, E8 and VDPSF)
  • Vulnerability management (Tenable)
  • URL Filtering (Netskope)
  • Email Security (Abnormal, SPF, DKIM, DMARC)
  • DNS Security
  • System Security (Microsoft server and endpoint)
  • Database Security (SQL server)
  • Cryptography and PKI (Microsoft Certificate Authority)
  • Network Security (Fortinet, Cisco & Meraki)
  • Cloud Platforms (M365, Azure)
  • SaaS application, RBAC and Integration Security concepts (TechnologyOne)
  • Application/Infrastructure Security Concepts (OWASP)

On Offer

• Hybrid work (3 days per week in the office)
• Northern suburbs 
• $750-$850 daily rate
• Start asap