Under the broad supervision and guidance of the Chief Technology Officer, you will be responsible for personnel, physical and information security controls and compliance within the ANAO.
The key duties of the position include: Manage the ANAO's application of the Information Security Manual (ISM) and ACSC Essential Eight Maturity Model using a risk-based approach to protect ANAO ICT systems and information assets;Conduct reviews, investigations and assessments in support of internal requirements and government requirements such as the annual PSPF Compliance report and the ANAO Protective Security Risk Review;Assist in the design and implementation of controls in the physical, personnel and information security space;Investigate security matters and prepare advice to senior management on the security of the agency's Information Communications Technology (ICT) systems;Act as Assistant Agency Security Adviser (ASA) with responsibility for supporting the ASA to provide protective security arrangements, liaison with ASIO, the AFP, other agencies and organisations. This includes managing security clearance requests, ensuring that staff maintain the required security clearance, conducting reviews and assessments;Develop and maintain policy, instructions and guidelines, and coordinate with relevant ANAO staff, contractors and agencies to ensure compliance with relevant legislative, whole of government policies and regulatory frameworks;Develop and maintain plans and procedures for other security issues, business continuity and emergency management. This includes the ANAO Incident Response Plan, various security plans, Business Continuity Plan and emergency management plan;Develop and deliver training, education and awareness programs to ANAO staff on workplace safety, emergency management and security matters and engage with the communications team to improve awareness of these matters. The work is characterised by:
A degree of independent action and initiative within supervisory constraints;Responsibilities that are of a technical, professional, procedural or processing nature;Supported decision making within legislative requirements and consistent with internal policies and operating procedures;A strong team environment with a strong client focus;Close liaison and co-operation with internal clients. Who we are looking for: There are no mandatory qualifications for this role. However, the following skills, knowledge and attributes are highly desirable:
Knowledge of the Commonwealth's Protective Security Policy Framework (PSPF), Information Security Manual (ISM) and ACSC Essential Eight Maturity Model;Demonstrated knowledge and experience in the delivery of security services, including emergency management, Business Continuity Planning and Risk Management;Demonstrated capacity to work in a multi-disciplined team with a broad range of responsibilities;Demonstrated skills and experience in investigation, evaluation and assessment;Demonstrated experience in writing and communicating policy, procedures and plans relating to security, emergency management, and business continuity management;Awareness of national and international ICT security standards;Well-developed analytical, conceptual and written and communication skills;Well-developed client focus, with the ability to interact with clients at all levels; the ability to work well within a small team and as an individual and the ability to effectively manage conflicting priorities;Highly motivated and adaptable and willing to work outside normal working hours when required.
#J-18808-Ljbffr