Chief Information Security Officer
- Role located in Sydney
- Applications close on 15th January
- Commence in February 2021 (1/2/2021)
- 12-month contract with 2 x 12-month extension options at the client's discretion
- An NV1 security clearance, or the ability to obtain one, is required for this role
A Chief Information Security Officer is required to manage security measures to ensure:
- IT systems are protected against unauthorised access or compromise; and
- Information in electronic form is stored, processed and/or communicated in accordance with the law, Australian Government policies, and the information security requirements prescribed by the Entity’s Security policies and frameworks.
You will provide strategic level technical/professional advice to the Security Executive on the security of the Entity’s IT systems.
The CISO is also responsible for developing and updating IT security documentation, providing reports for internal and external stakeholders, and conducting reviews and investigations as appropriate.
Under broad direction you will:
- Act as the IT Security Adviser as defined in the Protective Security Governance Guidelines.
- Provide strategic level guidance on IT Security.
- Maintain an IT security framework including policies, plans and procedures, and raise awareness of information security issues with system users and owners.
- Provide regular reports on cyber security and meet internal and external reporting obligations including input into the Archives’ annual Protective Security Policy Framework (PSPF) compliance report.
- Independently identify appropriate security risk mitigation measures in the development and delivery of IT projects.
- Conduct IT vulnerability assessments, take actions to mitigate threats, remediate vulnerabilities and escalate to the Director and Executive as appropriate.
- Maintain, monitor and update web proxies, mail proxies and endpoint protection applications/services, amongst other applications/services.
- Monitor security for systems, including the application of ASD's Essential Eight, and respond to and investigate sensitive and complex cyber security incidents.
- Promote information security awareness training programs to all staff and deliver training when required.
- Maintain and track execution of the IT Security Plan.
- Promote and implement suitable IT Security policies and protocols as required by the Entity:
  - Ensure IT users across the Entity adhere to the ISM and Security Framework.
  - Ensure current and future applications, networks and other IT services operate in a secure environment.
  - Ensure that staff across the Entity are aware of and comply with IT Security policies and procedures.
  - Promote a culture that supports a secure IT environment.
- Take responsibility for auditing functions, systems and procedures:
  - Report on compliance with the PSPF.
  - Ensure new and existing systems undergo Security Assessments and Threat Risk Analyses.
  - Co-ordinate routine penetration tests and other IT security audits.
  - Maintain the IT Security Risk Register.
- Act as a member of the Change Advisory Board and provide security advice on pending submissions to the CAB.
- Maintain the IT disaster recovery plan (IT DRP) in conjunction with the Business Continuity plan (BCP).
- Work with staff in Infrastructure and Business Applications to review and refine the IT DRP.
- Co-ordinate routine IT Disaster Recovery (DR) tests.
- A highly developed knowledge of the Australian Government Information Security Manual and Protective Security Policy Framework and current and emerging IT security technologies.
- Demonstrated ability to provide expert security advice and to develop quality IT security policies, plans and procedures.
- Ability to work in a team environment delivering a high level of customer service, with the ability to build strong working relationships and trust with clients, stakeholders and senior management.
- Demonstrated high level of communication skills with effective presentation and representation skills.
- Highly developed knowledge of risk management principles and practices and project management skills.
- Demonstrated knowledge of and commitment to the APS Code of Conduct and Values, the principles and practices of workplace diversity, work health and safety, and workplace consultation, and an ability to manage, promote and apply them in the workplace.