22CeSC125 - Senior Security Advisor

⁠⁠⁠\Based in either Pyrmont NSW or Canberra ACT, the eSafety Commissioner is seeking a highly motivated and experienced candidate to fill the role of Senior Security Advisor.

eSafety is a small federal government agency established in 2015 consisting of 215 staff across Regulatory Investigations; Education, Prevention, and Inclusion; International Strategy and Future; as well as Corporate functions. The right candidate for this role will be comfortable working within a fast-paced, growing organisation and will enjoy the opportunity to take proactive ownership of their work to help eSafety achieve its strategic goals of helping keep Australian citizens safe online.

The Technology and Digital Branch is responsible for providing eSafety's ICT and Digital products and services; managing IT operations alongside a government shared services provider; developing new systems and capabilities; and implementing optimal IT governance. The Branch is also responsible for providing IT security services to the organisation including the ongoing assessment of new and existing systems and technologies, maintenance of IT security documentation and operations, and promoting a positive security culture within the agency.

eSafety are seeking a Senior Security Advisor to lead eSafety's security operations and develop a strategy and roadmap to further mature its overall security management capabilities.

Duties

The Senior Security Advisor will be required to lead security activities within the Branch and participate in security governance and planning activities at an IT, physical and personnel security level. The role will work with the CIO and eSafety’s 3rd party cyber partner to establish a security strategy and conduct risk planning tasks such as outlining security goals, establishing risk tolerances, and reporting on security system risk and cultural maturity to the senior executive team.

The initial directives given to the Senior Security Advisor include:

• assess current systems, policies, plans and security operations to identify and implement opportunities for improvement
• set up a regular reporting format and meeting structure within the Branch to improve governance over security matters
• set up a process/method for end users to engage with the security function and report issues/concerns
• take ownership of key security policies, plans and assessments to ensure they are kept up to date
• provide regular security status reporting to the CIO including key threats/issues, Essential 8 compliance, and other required security reporting
• work as a trusted security advisor within the Technology and Digital Branch, conducting threat/risk assessments on new software, providing knowledgeable security guidance and remaining up to date on changes to the Information Security Manual and impacts on eSafety’s operations

The Senior Security Advisor will also be responsible for developing new initiatives for eSafety that promote a positive security culture such as security training and awareness programs, creating, rolling out and monitoring user policies, and will be expected to have experience in running or facilitating internal/external training regarding personnel, physical and IT security.

The Senior Security Advisor will also be responsible for operating and coordinating all ongoing key security operational duties within eSafety, leveraging eSafety’s 3rd party cyber partners where needed for support and resourcing, which include but are not limited to Incident Response; system security continuous improvement, creation and maintenance of System Security Plans (SSP), Security Risk Management Plans (SRMP) and Incident Response Plans (IRP); completing Threat Risk Assessments (TRAs), and regularly reporting on the progress of security work, along with risks and issues to management.

eSafety's security governance structure also includes staff within its parent Department. This role will need to work closely with other inter-departmental security roles and teams to identify, assess, and mitigate risk within the IT and physical landscapes due to overlapping governance structures and sharing of physical facilities. The Senior Security Advisor will be required to collaborate with the parent Department’s security team, sharing knowledge and working together when developing, and implementing plans and policies.