IT Security Lead - 21AMSA041

AMSA is looking for an IT Security Lead to provide IT Security leadership and to manage day-to-day IT security outcomes. Duties include:
• Lead the development and implementation of IT security strategy, framework, policies and guidelines, proactively assessing AMSA’s current security posture for potential weaknesses and defensive gaps in order to ensure IT Security safety, recommending and overseeing the delivery of improvements.
• Working with AMSA’s IT Managed Services Provider, other third-party IT service providers and relevant AMSA staff, manage the day-to-day security operations to remediate prioritised security vulnerabilities.
• Work with internal providers and external agencies to obtain and ensure implementation of IT security vulnerabilities, advisories and security risks and manage the delivery
• Provide strategic advice relating to IT security vulnerabilities, advisories and security risks
• Identify IT security gaps; evaluating, recommending and implementing improvements
• Maintain and ensure the delivery of the IT Security Roadmap
• Plan, develop and deliver IT security education, training and awareness programs to improve appreciation and understanding of organisational cyber security within AMSA
• Conduct system security reviews, vulnerability analyses and risk assessments using the Information Security Manual (ISM) control framework
• Guide and manage delivery of certification documentation such as system security plans, arrange Penetration tests and security risk assessments
• Provide guidance and direction on the security needs of new information, communication and technology solutions and ensuring architectural principles are applied during design to reduce risk.
• Working with AMSA’s IT Managed Services Provider, other third-party IT service providers, and using existing IT security monitoring and reporting tools, identify trends and anomalies advise on potential risk and vulnerabilities and actions to proactively address risks.
• Conduct analysis and research to advise on current and future IT security related technologies
• Develop, update and monitor compliance with AMSA's security policies, patterns, guidelines, playbooks and standards
• Supporting and ensuring that the AMSA IT Security environment is maintained.

****NOTE TO SELLERS: PLEASE READ BEFORE SUBMITTING QUESTIONS****

Based on common questions to our roles, the following should be used as a guide. Agencies that submit questions that are addressed below will not be answered.

Applicants should understand AMSA's business and our mission. The Project teams are small resource groups working closely with other business teams and stakeholders, so ability to perform cohesively in this space is key. Candidates MUST only be proposed if they have a genuine interest in working in this environment, be considered a good fit for a high performing team in a small organisation and have been vetted against the must have and desirable criteria.

Responses MUST include statements against all the criteria. Candidates that do not address the criteria in their submission may not be considered. Agencies should not submit candidates that do not meet ALL the mandatory criteria.

This role is CANBERRA BASED. AMSA will not consider options for candidates to work outside of the ACT. Pending return to work status, the role is ON SITE in Braddon.

This is a new position, with no incumbent and is not a market test.

Questions regarding rate, budget and margins will not be answered. A rate has deliberately not been set. Vendors should price candidates competitively for the Canberra market. AMSA will use the Digital Marketplace rate guide to determine a suitable average rate.

Timeline for start is a guide only and will depend on evaluation, contract and notice period.