Lead Cyber Security Officer
Initial contract: 12 months with 2 x 12 months. Location: Based in ACT. Security: Due to client requirements, candidates...
Location: ACT
Work Arrangements: Hybrid
Clearance: Must be able to obtain Negative Vetting Level 1
LH-01897

Job details:

DFAT is seeking highly skilled and dedicated Cyber Security - Governance, Risk and Compliance Assurance Specialist (GRC Specialist/s) to join our elite cyber security branch. In this role, you will play a critical part in safeguarding DFAT’s digital assets by providing guidance on the application and operation of security controls, performing security risk and business impact analyses, and identifying risks from potential technical solution architectures. You will design alternate solutions or countermeasures to mitigate identified risks and provide recommendations for appropriate security policies, standards, and guidelines.

You will manage risks related to the use, storage, and transmission of data, and carry out risk management activities within specific functions or projects. This includes identifying risks and vulnerabilities, assessing their impact and probability, developing mitigation strategies, and reporting these to the business. Your role will ensure the protection and management of risks associated with information systems, contributing to a secure and compliant digital environment.

The ideal candidate will have a strong technical background, relevant risk assessment qualifications such as the CISSP and/or CCSP, a deep understanding of cyber threats facing government, and the ability to work within a high-security environment. This is a mission-critical role where your expertise will directly contribute to the protection of our global infrastructure.

Key Duties And Responsibilities

Identify, assess, and manage risks related to information technology, information security, privacy, and regulatory compliance.
Conduct risk assessments of various systems, ranging in complexity.
Perform detailed vulnerability assessments and participate in red team operations.
Collaborate with intelligence analysts to integrate the latest threat intelligence into risk management methodologies.
Collaborate with cyber defence analysts to uplift the security posture of the department.
Prepare comprehensive reports for business and senior executive, translating complex technical findings into clear, actionable treatments and recommendations.

The Skills Framework for the Information Age (SFIA) has been used to inform the requirements. In summary, DFAT seeks a candidate with multiple skillsets as follows:

Information security (SCTY) - Level 4+
Information assurance (INAS) - Level 4+
Risk Management (BURM) - Level 4+

Requirements

Technical skills:

Certifications: Highly desirable certifications include CISSP, CRISC, CCSP, or equivalent, with additional qualifications in government-specific cyber security programs.

Essential criteria:

Experience: Demonstrated experience in authoring ICT system authorisation documentation including, but not limited to: Security Risk Management Plans (SRMPs), System Security Plans (SSPs), and Standard Operating Procedures (SOPs).
Technical Expertise: Experience in technical ICT areas such as system administration, software development, and cloud computing. In-depth knowledge of government cyber security standards, such as the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).

Desirable criteria:

Security Expertise: Knowledge of emerging threats, security testing methodologies, OWASP Top 10, network protocols, and secure communication methods.
Cloud & Container Experience: Familiarity with AWS, Azure, Kubernetes, and security for critical infrastructure.
Strategic & Communication Skills: Ability to simulate advanced threat scenarios, manage multiple high-priority projects, and communicate complex issues to high-level officials.

About the team:

The Cyber Architecture and Assurance Section (CAS) is a part of the Cyber Security, Cloud & Networks Branch (CAS/CRB/IMD). CAS is responsible for several core functions, including system assurance, providing risk advice, and undertaking a ‘second line’ assurance function.

Only candidates who have addressed the essential criteria mentioned in the job description will be considered.