Application closing date: Friday, 15 November 2024 • 11:59pm, Canberra time
Estimated start date: Monday, 16 December 2024
Location of work: NSW
Working arrangements: Subject to negotiations with line manager, hybrid working arrangements in line with current NDIA policy are available (minimum of 3 days each week in the office, with flexible arrangements in place for the remaining 2 days).
Length of contract: 12 Months
Contract extensions: 1x 12 months
Security clearance: Must have NV1 Clearance
Rates: $80 - $100 per hour (inc. super)
The National Disability Insurance Agency (NDIA) is an independent statutory agency responsible for implementing the National Disability Insurance Scheme (NDIS), supporting a better life for Australians with significant and permanent disabilities and their families and carers. The NDIA values a positive contemporary attitude to disability.
The Cyber Security and Resilience Branch implements government security policies and frameworks by providing strategic, tactical, and operational Agency-wide oversight of Cyber Security and Operations. The Cyber Security & Resilience Team identifies key security risks in the ICT environment and ensures the NDIA can identify, mitigate, and be resilient to cyber threat activity.
The team develops, governs, and maintains an enterprise data warehouse as well as the NDIA's reporting platforms and production content. They design and build Business Intelligence (BI) interventions and prototype analytic solutions and reports, identifying trends and drivers of performance.
The Cyber Security Risk Analyst is accountable under broad direction to undertake work that delivers outcomes across the NDIA. The position involves undertaking projects that may include performing varied activities involving many different and unrelated processes or methods impacting the strategic or operational outcomes that support the NDIA's objectives to "build a world-leading National Disability Insurance Scheme."
Responsibilities of the role include but are not limited to: Conducting security risk analysis of NDIA internal systems and assessing the cyber threat, inherent vulnerabilities, and the likelihood and consequences of adverse threat activity. Implementing better-practice methodologies and risk management practices aligned with MITRE Att&ck Framework, NIST, ISO 31000/ISO 27001, and the PSPF. Developing system-specific security documentation artefacts, including Statement of Applicability, System Security Plan, Security Risk Management Plan, Cyber Security Incident Response Plan, Continuous Monitoring Plan, and Security Assessment Plan. Managing security risks and controls uplift activities arising from cyber security risk analysis. Providing security risk advice to allow the NDIA to prevent, detect, and respond to cyber threat activity. (NOTE: the key responsibilities of the role are based on current priorities and may change over time) Essential Criteria: Minimum of 5 years' experience in Cyber Governance, Risk and Compliance, or a related field of cyber security. Must be an Australian citizen and hold a minimum NV1 Security Clearance. Demonstrated experience in the production of system-specific security documentation artefacts aligned to the Information Security Manual Suite of documentation. Demonstrated experience conducting security risk analysis of ICT systems and assessing the cyber threat, inherent vulnerabilities, and the likelihood and consequences of adverse cyber threat activity. Desirable Criteria: CISM, CISSP, or other cyber security qualifications. A degree in computer science or a related field.
#J-18808-Ljbffr