Cyber Risk Analyst

• Initial Contract Period for 12 months with further period of 12 months
• Location: ACT VIC
• Security : Must have Negative Vetting Level 1

About the Role:

SoftLabs is seeking Cyber Risk Analyst for ICT Labour hire at their technology consulting based in Canberra Melbourne.

Requirements:

Key duties may include but are not limited to:

• Identify test and assess applicable security controls in line with the Australian Government PSPF ISM and agency policies and guidelines.
• Assess the impact of risk against Enterprise Risk tolerance.
• Collaborate widely to ensure risk is assessed at an enterprise level and all plausible remediation activities are identified.
• Analyse and document security risk and recommend treatments and modifications to security practices and procedures using expertise and technical knowledge.
• Undertake security risk assessments on key technology components and identify areas for remediation and appropriate remediation controls.
• Work with the existing team members to analyse the cyber risks identified within the broader risk and controls environment to inform an assessment of the risk exposure.
• Undertake the categorisation and prioritisation of cyber risks (and associated remediation actions) identified.
• Document risk assessments within Service Australia templates.
• Facilitate discussions with system owners and technical leads around the risks identified and the appropriate remediations.
• Manage develop and support complex relationships with stakeholders to achieve work area goals.
• Assist with the development and implementation of security policies procedures projects and strategies.
• Continuously work to improve the efficiency and effectiveness of the cyber security service.
• Share knowledge and skills to identify and develop capability within the team.
• Educate and inform departmental staff to promote understanding and ensure adherence to security policy and processes.

Essential Criteria:

• Extensive demonstrated experience with risk and information security frameworks policies and standards including the Federal Government Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) Essential Eight and international standards (ISO 27001/2).
• Experience analysing risks associated with cyber vulnerabilities external perimeter technologies (firewall and gateway services specifically) of complex environments.
• Ability to transfer knowledge and build capability within the team.
• Ability to document and communicate risk exposure to executive staff effectively to influence necessary change.

Desirable Criteria:

• Experience undertaking enterprise level cyber risk analysis at large Government departments on highly complex technology environments.
• Experience working with system owners and business stakeholders to develop appropriate remediation plans that take into account the underlying business functions and requirements.
• Strong verbal and written communication skills with the ability to convey complex technical concepts to nontechnical senior stakeholders.
• Demonstrated ability to think critically and solve complex problems.
• Strong stakeholder management skills and the ability to communicate security concepts to nontechnical audiences both verbally and in writing.
• Relevant tertiary or other qualifications.

Application Deadline: Monday 03 June 2024

Expected Start Date: Monday 01 July 2024

Job Type: Contract

Rate: As per Australian Market Standards

If you are interested in this position please click Apply with your resume in WORD and send your details for review. If you wish to have a confidential discussion call us onorfor more information

1. Strong stakeholder management skills 2. Strong verbal and written communication skills