Cyber Security Risk Assessor in Remote, Australia

Application closing date: Monday, 25 November 2024 • 11:59pm, Canberra time

Estimated start date: Monday, 06 January 2025

Location of work: NSW

Working arrangements: Subject to negotiations with line manager, hybrid working arrangements in line with current NDIA policy are available (minimum of 3 days each week in the office, with flexible arrangements in place for the remaining 2 days).

Length of contract: 12 Months

Contract extensions: 1x 12 months

Security clearance: Must have NV1 Clearance

Rates: $100 – $130 per hour (inc. super)

The National Disability Insurance Agency (NDIA) is an independent statutory agency that is responsible for implementing the National Disability Insurance Scheme (NDIS), which will support a better life for hundreds of thousands of Australians with a significant and permanent disability and their families and carers. The NDIA values a positive contemporary attitude to disability.

The Cyber Security and Resilience Branch implements the requirements of government security policies and frameworks. This is achieved by providing strategic, tactical and operational Agency-wide oversight of Cyber Security and Operations. The Cyber Security & Resilience Team is responsible for identifying key security risks in the ICT environment and ensuring the NDIA is able to identify, mitigate and be resilient to cyber threat activity.

The team develops, governs, and maintains an enterprise data warehouse as well as the NDIA’s reporting platforms and production content. They design and build Business Intelligence (BI) interventions and prototype analytic solutions and reports, identifying trends and drivers of performance.

The Cyber Security Risk Assessor is accountable under broad direction to undertake very complex work that delivers quality outcomes across the diverse functions of the NDIA. The position is required to coordinate and assume responsibility to undertake detailed or sensitive projects that may include performing varied activities involving many different and unrelated processes or methods that may impact on the strategic or operational outcomes that support the NDIA’s objectives to “build a wor¹ld-leading National Disability Insurance Scheme”.

The Cyber Security Risk Assessor is responsible for actively managing key internal and external stakeholder relationships and where required will represent and negotiate on behalf of the NDIA to advance the NDIA’s interests across a range of forums.

Responsibilities of the role include but are not limited to:

• Leading and conducting security risk analysis of NDIA internal systems and assessing the cyber threat, inherent vulnerabilities and the likelihood and consequences of adverse threat activity.

• Implementing better-practice methodologies and risk management practices aligned with MITRE Att&ck Framework, NIST, ISO 31000/ISO 27001 and the PSPF.

• Developing and managing the production of multiple system-specific security documentation artefacts, including Statement of Applicability, System Security Plan, Security Risk Management Plan, Cyber Security Incident Response Plan, Continuous Monitoring Plan and Security Assessment Plan.

• Developing and managing Authority to Operate artefacts and managing security risks and controls uplift activities arising from cyber security risk analysis.

• Developing targeted security risk advice to allow the NDIA to prevent, detect and respond to cyber threat activity. • Developing IT security standards, policy, procedures, and controls for managing risks in a dynamic threat environment.

(NOTE: the key responsibilities of the role are based on current priorities and may change over time)

Essential Criteria

• 5 years-plus experience in cyber security with significant knowledge of cyber security risk concepts/Frameworks and their application in Government ICT systems

• High-level communication and influencing skills

• Degree in Computer science or related field, CISM, CISSP.