Information Security (Risk and Compliance) AdvisorKEY ACCOUNTABILITIESInformation Security Risk Management:Prepare reports and communicate with stakeholders (including staff and external parties) the compliance against information security obligations of the Franchise Agreement.Define and regularly update the Protective Data Security Plan (PDSP) and monitor the progress of the plan execution.Ensure alignment of the Information Security Management System (ISMS) with the legal and regulatory environment.Information Security Compliance:Ensure compliance with the Information Security Risk management standards ISO 27005 and OVIC Victorian Protective Data Security Standards (VPDSS).Establish, implement, and maintain Security Risk Profile Assessments (SRPA).Participate in regular OCMS Risk review meetings and ensure that all relevant OCMS Risk are accurate and up to date.Trigger Risk reviews and maintain Information Security Risk Register in the Corporate Risk Management System.Establish, implement, and maintain an Information Asset Register to PDSP requirements.Establish, implement, and maintain an Information Security Risk Management Framework.Establish, implement, and maintain Third-Party Risk Assessment processes.Participate in Architecture meetings and forums and provide Security Risk Assessments.Maintain the Information Security Guidelines for controls applicable to security risks.Engage independent security auditors and testers as and when required.Establish, implement, and maintain Exemption processes.Information Security Remediation:Planning and maintaining the annual ISMS Upgrade Plan;Planning and maintaining the Technical Remediation Register;Planning and maintaining the Governance Remediation Register;Following-up and Reporting on Remediation activities.Assurance, Governance and Operational:Compliance reporting to stakeholders;Conducting risk assessment and Maintaining Risk Register;Provide back-up for Operational Security activities as appropriate.EXPERIENCE5-10 years' Experience in OCMS Information Security Management and auditing.Proven ability to successfully develop, implement, enforce, audit, and continuously improve information security governance frameworks/systems work.Significant experience in developing and implementing information security frameworks.Sound understanding of information security and its relationship to organisational risk and enterprise architecture.Sound knowledge of measures to secure networks, data centres, server infrastructure, applications, and databases.Sound knowledge and understanding of relevant security frameworks, standards, and policies, including the Victorian Protective Data Security Framework (VPDSF), Victorian Protective Data Security Standards (VPDSS) and the Australian Signals Directorate (ASD) guidance tools such as the Information Security Manual (ISM).Knowledge of and experience in disaster recovery and business continuity.Understanding of various Risk Management frameworks such as NIST 800, ISO 27005 and ISO 31000.Proven experience in participating in consultative mechanisms, including user groups.ON OFFERDaily rate $750~$900Immediate startHybrid workLong-term contract (June 2025 with potential to extend)
#J-18808-Ljbffr