About AARNet
Australia's Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education.
We are Australia's National Research and Education Network (NREN). We connect over one million users—researchers, faculty, staff and students—at institutions across Australia, supporting education and research across a diverse range disciplines including high energy physics, climate science, genomics, radio astronomy and the arts.
Nationally, AARNet interconnects Australian universities, the CSIRO, and other organisations who have a research and education mission, or with whom the education and research sector interacts. These include hospitals, vocational training providers, schools and museums.Internationally, AARNet interconnects the Australian Research and Education (R & E) community to the world – and continuously develops new capabilities and partnerships to facilitate seamless data access and transfer.
AARNet also offers a suite of supporting applications to our customers.These include network and collaboration services such as CloudStor and Zoom, that enable innovation in the delivery of research and education.
We are an organisation of innovators, doers, and courageous thinkers.We are not constrained by traditional products and solutions and we constantly strive to build the solutions that our customers will need tomorrow – today.If you have the imagination, foresight and drive to build the future why not come and join us?
The Role
The Security Governance Officer is a key role within AARNet's Cyber Security team to support the Head of Cyber Security with the management of AARNet's overall security Governance, Risk and Compliance (GRC) program including compliance to various regulations across government, industry and customers.This position proactively partners with the wider AARNet Information Security team, Privacy Officer and various AARNet internal and external stakeholders to continually improve cyber security maturity and influence across the security GRC domains, enabling AARNet to operate in a secure manner, whilst ensuring that AARNet products and services such as it's Security Operations Centre (SOC) meet certification requirements.
This is a 12 month maximum term role, being brought on to bring our ISO27001 program of work to completion.
Responsibilities
This role will support AARNet's Head of Cyber Security with the delivery of the GRC program which includes the following focus areas:
Governance and Risk Management
Maintenance of AARNet's Information Security policy and standards aligned to industry recognised frameworks where applicable such as ISO27001, Australian Signal Directorate (ASD) Essential 8, Information Security Manual (ISM), NIST
ISO27001 certification and SOC 2 reporting this includes but is not limited to:
Developing SOC-Specific Policies and Procedures: Assist in developing or revising information security policies and procedures that specifically address SOC operations and align with ISO 27001 standards. This may include incident response procedures, threat intelligence sharing protocols, and change management processes for SOC systems.
Developing SOC Documentation: Assist in creating and maintaining documentation required for ISO 27001 certification specific to the SOC, such as the SOC scope statement, risk treatment plan for SOC-related risks, and incident response procedures tailored to the SOC's workflow.
Internal Audit of SOC: Support remediation activities relating to documentation and process focusing on the SOC's adherence to ISO 27001 requirements.
Certification Audit Support: Support remediation activities relating to documentation and process focusing on the SOC's adherence to ISO 27001 requirements.
Monitoring and Review of SOC: Continuously monitor the effectiveness of security controls in the SOC environment, collect feedback from SOC personnel, and recommend improvements to ensure ongoing compliance with ISO 27001 and enhance the SOC's security posture.
Expertise, experience & qualifications
Experience in security risk management frameworks, controls and processes such as ISO31000, ISO27001, ISM, ASD8, NIST, including development of documentation
Experience in governance risk and compliance
Experience in performing security controls testing and auditing
Knowledge of Privacy Legislation, Australian Privacy Principles, and the Telecommunications Act, SOCI Act
GRC related industry recognised certificationsISO 27001 assessor, CISSP, CISM, CISA, GSEC
Important skills
Ability to problem solve in particular around process improvement and control implementation
Promotes collaboration between teams by removing roadblocks and fostering communication
Excellent communication skills including the ability to present ideas and outcomes to both technical and non-technical audiences
Technical and non technical writing skills including policies and standards, procedural documentation, process flow diagrams and reporting
#J-18808-Ljbffr
