Cyber Security Assessor
Tender ID: 593285
Tender Details
Tender Description
The Department of Parliamentary Services (DPS) is seeking a qualified cyber security professional to independently evaluate and document the security posture of the DPS Jira cloud tenancy. This role involves developing a comprehensive Security Risk Management Plan (SRMP), System Security Plan (SSP) and System Security Plan Annexes (SSPAs) in alignment with the Information Security Manual (ISM) and the Protective Security Policy Framework (PSPF).
These documents, which set out how the DPS Jira cloud tenancy aligns and complies with the ISM and PSPF, will be used to support business and system owners in making informed decisions and to support DPS in system authorisation and accreditation processes.
Under limited direction, undertake duties in accordance with the agreed standards that include but are not limited to the following:
1. The SRMP outlines the approach to identifying, assessing, and managing security risks for a system or organisation:
- conduct cyber focused risk assessments aligned with applicable standards e.g., the ISM and the PSPF
- identify threats, vulnerabilities, and potential impacts
- define risk treatment strategies and residual risk levels
- ensure the SRMP is reviewed and approved by the appropriate delegate within DPS Cyber Security Branch, and
- maintain alignment with DPS cyber security strategies and the current threat environment.
2. The SSP provides detailed control implementation guidance, especially for systems built on platforms like Microsoft 365 or ASD’s Blueprint for Secure Cloud:
- develop and document the system’s security architecture and control implementation
- use ASD’s SSP template as a starting point and adapt it to the system context
- map controls to ISM requirements and assess their effectiveness
- collaborate with system owners and technical teams to ensure accuracy, and
- ensure the SSP is approved by the system’s authorising officer.
3. The SSP-A documents the system’s security architecture, controls, and compliance with ISM requirements:
- tailor the SSP-A to reflect the organisation’s specific control implementations, and
- document additional controls beyond ISM where applicable.
4. Submission and Review
- Draft Preparation: Develop initial drafts of the SRMP, SSP, and SSP-A in alignment with applicable standards (e.g., ISM, PSPF).
- Stakeholder Engagement: Submit draft documents to relevant stakeholders (e.g., system owners, cyber security teams, governance bodies) for review and feedback.
- Incorporating Feedback: Analyse and incorporate feedback to refine the documents, ensuring clarity, completeness, and compliance.
- Finalisation: Prepare and submit final versions of the SRMP, SSP, and SSP-A for approval, ensuring they meet the requirements for successful service delivery and accreditation.
- Documentation Management: Maintain version control and ensure all documentation is stored securely and is accessible for audits or future updates in accordance with the DPS Records Management policy.
5. Shall perform other duties assigned by supervisor as necessary to enable DPS business needs.
Successful applicants must have an active Negative Vetting security clearance.