Multiple APS6 Governance, Risk & Compliance (GRC) Analyst

Location of work

ACT, QLD, VIC, WA

Onsite

Working arrangements will be at the discretion of the assigned work area, subject to operational need. Due to the nature of operations, not all work areas can accommodate work from home. Most roles are based in Canberra. However, we may be able to accommodate candidates in the Melbourne, Brisbane or Perth facilities. No other locations will be considered.

Maximum hours

40 hours per week

Security clearance

Must be able to obtain Negative Vetting Level 1

Job details

ASD requires multiple APS6 equivalent ICT Security Specialists to fill positions across the organisation. A merit pool will be created for future positions that may arise.

Must have either, NV1, NV2 and PV positions required. Candidates selected must hold a current AGSVA clearance to commence to contract with ASD. Please clearly indicate the level held within your responses.

ICT Security Specialists implement, manage and retire the infrastructure (including physical, virtual, networking and cloud infrastructure) that supports digital services. They also undertake complex technical assessment activities to ensure capabilities adhere to required security standards.

ICT Security Specialists will work independently with the opportunity for reasonable autonomy and accountability for the achievement of outcomes of their work. They will exercise both initiative and judgement in the interpretation of policy and in the application of practices and procedures. They will provide detailed information security technical, professional and policy advice in relation to complex work and contribute to strategic planning, program and project management and policy development.

Key duties and responsibilities

• Accountable to conduct security risk assessments and provide advice and guidance on the application and operation of procedural security controls.
  
• Responsible for ensuring that all identified breaches in information security are promptly managed according to the Australian Signals Directorate policies and procedures.
  
• Understand the security features and capabilities of current Australian Signals Directorate and industry accepted hardware and software products and provide advice to stakeholders.
  
• Use experience to explain systems security and the strengths and weaknesses that are relevant across the Australian Signals Directorate.
  
• Tailor communication style and language to provide guidance on security strategies to manage identified risks.
  
• Facilitate appropriate direction for the team by clearly communicating goals and objectives.
  
• Interpret security policy and contribute to the development of standards and guidelines that comply with the Australian Signals Directorate policy and procedures.
  
• Analyse and resolve identified security incidents in accordance with established procedures and recommend any required actions.
  
• Lead the application and compliance of security operations procedures and review information systems for actual or potential breaches in security.
  
• Build and sustain effective working relationships with team members and actively participate in teamwork and group activities.
  

Technical Skills:

• Certification as an Infosec Registered Assessors Program (IRAP) Assessor
  
• Experience ensuring technical systems adhere to Essential Eight, ISM, and PSPF frameworks
  
• Proven ability to communicate complex technical systems to non-technical audiences
  
• Excellent organisational & communication skills
  
• Proven record building, managing, & enhancing relationships with stakeholders
  
• Experience developing, managing, and implementing SOPs & procedures in support of security accreditation frameworks
  

Requirements

Criteria

You must provide a response to each criterion. Each response is limited to 3000 characters.

Essential criteria

1. SCAD 3 - Security operations: Level 3 (SFIA) Investigates minor security breaches in accordance with established procedures. Assists users in defining their access rights and privileges. Performs non-standard operational security tasks. Resolves security events and operational security issues.

2. SCAD 4 - Security operations: Level 4 (SFIA) Maintains operational security processes and checks that all requests for support are dealt with according to agreed procedures. Provides advice on defining access rights and the application and operation of elementary physical, procedural and technical security controls. Investigates security breaches in accordance with established procedures and recommends required actions. Provides support and checks that corrective actions are implemented.

3. SCTY 4 - Information security: Level 4 (SFIA) Provides guidance on the application and operation of elementary physical, procedural and technical security controls. Explains the purpose of security controls and performs security risk and business impact analysis for medium complexity information systems. Identifies risks that arise from potential technical solution architectures. Designs alternate solutions or countermeasures and ensures they mitigate identified risks. Investigates suspected attacks and supports security incident management.

4. INAS 4 - Information assurance: Level 4 (SFIA) Performs technical assessments and/or accreditation of complex or higher-risk information systems. Identifies risk mitigation measures required in addition to the standard organisation or domain measures. Establishes the requirement for accreditation evidence from delivery partners and communicates accreditation requirements to stakeholders. Contributes to planning and organisation of information assurance and accreditation activities. Contributes to development of and implementation of information assurance processes.

Additional requirements

1. What level of security clearance do you hold and provide your AGSVA CSID?