Chief Information Security Officer (CISO)auDA works with industry to strengthen the cyber security of the entire .au domain name system "supply-chain" to enhance trust in the .au ccTLD including the registry, registrars (and their resellers), web hosting companies and registrants..au Domain Administration Limited (auDA) is Australia's country code Top Level Domain (ccTLD) administrator and self-regulatory policy body, which oversees the operation and management framework of the .au domain of the internet.Endorsed by the Australian Government, its job is to provide a secure and operational domain for more than 20 million Australian internet users.auDA has been declared as the entity that is critical to the administration of the Australian domain name system. It operates security controls to reduce the likelihood of a successful cyber-attack and implements security practices to improve auDA's cyber resilience.DescriptionReporting to the Chief Operating Officer, the CISO will be responsible for:Managing all business stakeholder relationships with respect to Cyber Security, including with Government agencies such as the Australian Signals Directorate (ASD), and Department of Home Affairs.Participating in long and medium-term decisions concerning the organisation's IT strategy and direction.Developing, implementing and maintaining business continuity and disaster recovery plans for auDA to ensure that business-critical services are supported appropriately in the event of a disaster.Ensuring auDA's compliance with cyber security policy, standards (Including ISO 27001 and ISO 22301), regulations and legislation (including SOCI Act).Overseeing the management of cyber security personnel within auDA, including plans to attract, train and retain cyber security personnel.Overseeing cyber supply chain risk management activities for auDA, including ensuring that consistent vendor management processes are applied across auDA, from discovery through to ongoing management.ProfileAs the successful applicant you will ideally possess:10+ years of IT team management experience at a senior level.Program management experience including the ability to develop and implement an organisation security strategy and drive execution of cyber security and resilience program.Relevant tertiary level qualifications, and relevant professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Security Auditor (CISM).Understanding of key technical components of Cyber Security, including Encryption, Firewalls, Access control, Cloud-based security services, and Software as a Service (SaaS) Security.Understanding and experience implementing international standards relevant to Information Security including ISO 27001 (Information Security Management System) and ISO 22301 (Business Continuity Management System).Experience in data-driven decision making, including developing insights from data and analytics.Understanding and experience with enterprise risk management (e.g. ISO 31000) and maintaining a risk register.Experience performing security risk assessments of IT vendors (registry, data centres, software providers) and supply chain (registrars).Understanding of all applicable legislation influencing Cyber Security, including the Security of Critical Infrastructure (SOCI) Act 2018 and Privacy Act 1988.Excellent communication skills, both written and verbal.Experience at training people from a non-IT background in key aspects of cyber security.Job OfferNewly created position. Oversee effective operation of all security and cyber resilience activities. Ensure alignment of information and cyber security policy and practices. Great culture. Competitive remuneration.To apply online please click the 'Apply' button below. For a confidential discussion about this role please contact George Kauye on 0415 435 650.
#J-18808-Ljbffr
