Application closing date: Monday, 25 November 2024 • 11:59pm, Canberra time
Estimated start date: Monday, 06 January 2025
Location of work: NSW
Working arrangements: Subject to negotiations with line manager, hybrid working arrangements in line with current NDIA policy are available (minimum of 3 days each week in the office, with flexible arrangements in place for the remaining 2 days).
Length of contract: 12 Months
Contract extensions: 1x 12 months
Security clearance: Must have NV1 Clearance
Rates: $100 - $130 per hour (inc. super)
The National Disability Insurance Agency (NDIA) is an independent statutory agency responsible for implementing the National Disability Insurance Scheme (NDIS), supporting a better life for Australians with significant and permanent disabilities and their families and carers. The NDIA values a positive contemporary attitude to disability.
The Cyber Security and Resilience Branch implements government security policies and frameworks by providing strategic, tactical, and operational oversight of Cyber Security and Operations. The Cyber Security & Resilience Team identifies key security risks in the ICT environment, ensuring the NDIA can identify, mitigate, and be resilient to cyber threats.
The team develops, governs, and maintains an enterprise data warehouse as well as the NDIA's reporting platforms and production content. They design and build Business Intelligence (BI) interventions and prototype analytic solutions and reports, identifying trends and drivers of performance.
The Cyber Security Risk Assessor is accountable under broad direction to undertake complex work that delivers quality outcomes across the diverse functions of the NDIA. The position coordinates detailed or sensitive projects that may impact strategic or operational outcomes supporting the NDIA's objectives to build a world-leading National Disability Insurance Scheme.
The Cyber Security Risk Assessor is responsible for actively managing key internal and external stakeholder relationships and will represent and negotiate on behalf of the NDIA to advance its interests across various forums.
Responsibilities of the role include but are not limited to: Leading and conducting security risk analysis of NDIA internal systems and assessing the cyber threat, inherent vulnerabilities, and the likelihood and consequences of adverse threat activity. Implementing better-practice methodologies and risk management practices aligned with MITRE ATT&CK Framework, NIST, ISO 31000/ISO 27001, and the PSPF. Developing and managing the production of multiple system-specific security documentation artifacts, including Statement of Applicability, System Security Plan, Security Risk Management Plan, Cyber Security Incident Response Plan, Continuous Monitoring Plan, and Security Assessment Plan. Developing and managing Authority to Operate artifacts and managing security risks and controls uplift activities arising from cyber security risk analysis. Providing targeted security risk advice to enable the NDIA to prevent, detect, and respond to cyber threat activity. Developing IT security standards, policies, procedures, and controls for managing risks in a dynamic threat environment. Essential Criteria: 5 years-plus experience in cyber security with significant knowledge of cyber security risk concepts/Frameworks and their application in Government ICT systems. High-level communication and influencing skills. Degree in Computer Science or related field, CISM, CISSP.
#J-18808-Ljbffr