Cyber Security Assessor SFIA SCTY Level 4, SFIA BURM Level 4

⁠⁠⁠ASD’s CESAR package ensures we can identify more cyber threats, disrupt more cybercriminals offshore, build more partnerships with industry and government and protect more Australians.

These additional measures include protections for critical infrastructure facilities, strengthening our partnerships with industry and boosting the provision of cyber security advice to families, older Australians and small businesses.

ACSC is working with critical infrastructure owners and operators to understand and uplift their cyber security. The work will be informed and supported by the ACSC’s ongoing technical cyber security advice and guidance.

There is an expectation that successful candidates will work 5 days per week (estimated 40 hour week). On boarding is in Canberra, noting there is be a requirement for short term occasional travel within Australia.

The Cyber Security Assessor conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls.
The person will possess broad knowledge in:
• Current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilising standards-based concepts and capabilities,
• Cyber security and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data,
• Cyber threats and vulnerabilities, and
• Critical Information systems with information communication technology that were designed without security considerations.

The person will possess skills in:
• Performing risk assessments and review of systems,
• Technical writing, including developing and editing assessment products,
• Interpreting vulnerability scanner results to identify vulnerabilities,
• Interfacing with customers, and
• Preparing and presenting briefings.

The Cyber Security Assessor’s major responsibilities include:
• Develop security compliance processes and/or audits for external services,
• Assess the effectiveness of security controls,
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk management strategy,
• Verify that application software/network/ system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations, and
• Participate in Risk Governance processes to provide security risk, mitigations and input on other technical risk.

The role is full time onsite in our Canberra offices only.