Our Federal Government client is seeking an experienced Senior GRC consultant.
Deliverables:
The contractors will be employed on a time and materials basis. Notwithstanding, the following deliverables are envisaged during the term of this engagement:
- Conduct security due diligence, compliance, risk management and assessment-related activities inclusive of producing technical security documentation, maintaining configuration management, and conducting security-based audits of classified land mission systems and networks. These activities are to be in accordance with Defence ICT Certification and Accreditation Framework and relevant Australian Communications Security instructions.
- A Land Mission System Security Accreditation Plan is required to be developed and maintained.
- Engage with AHQ, CJC, CASG, CIOG and internal staff to develop project or capability-specific security documentation, including its submission for endorsement and approval by CIOG and to support security accreditation by the Accreditation Authority, and the conduct of regular audits against ISM and DSM compliance requirements.
- Provide technical information security, and security accreditation subject matter expertise into:
  - Workshops discussing system (hardware and software) integration into Army's Land Combat System and the wider Joint Force as required.
  - Development of relevant training packages and courses related to security architectures, in-force ICT security accreditation, and policy inclusive of procedures to be undertaken by equipment operators and capability staff to maintain accreditation.
  - Development of system architecture and design documentation.
  - Land Mission System architectural development and Function and Performance Specification development to support generalist military staff across the Land Capability Programs.
  - Cross Domain Solution design and development.
- Conduct information and mission system security reviews, as well as periodic threat and risk assessments, and propose remediation options to minimise risk or meet compliance criteria.
- Attend workshops and actively participate, or lead, to provide robust ICT security advice within information security and technical accreditation discussions, as required.
- Produce information security reports post conduct of trials, including analysis within technical risk profiles and recommendations for improvement.
- Report to, and undertake additional tasking from the SO2 LCS Assurance or Deputy Director Land Network Integration-Army as required.
- Apply the APS code of conduct and principles of Equity and Diversity, Industrial Democracy and OH&S.
- Undertake additional related tasks as directed by Executive.

Specified Personnel:
The following experience and qualifications are highly desirable for the Person:
- Are certified Information Systems Security Professionals.
- Are certified, or have experience in the Department of Defence Information Security Registered Assessors Program (IRAP).
- Are formally trained in information security management systems (e.g. ISO 27001), and have a strong understanding of how this can be applied within Defence ICT domains and CIOG processes.
- Have detailed knowledge of information security policy applicable to the Department of Defence including: Protective Security Policy Framework, Information Security Manual, Defence Security Principles Framework, and the ASD Essential Eight and Strategies to Mitigate Cyber Security Incidents.
- Have extensive (greater than seven years) experience in ICT Information Security or ICT Security Architectures, preferably with deployable communications network systems in the Defence domain.
- Have a detailed understanding of deployable communication and information systems (CIS) operation, including staff processes within operational and tactical headquarters.
- Have knowledge of CIS service delivery frameworks, including ITIL.

The Key Person will report directly to SO2 LCS Assurance in order to achieve the required deliverables.
A three (3) month period of probation is imposed as a condition of engagement for all new contracted key persons.

Location(s): Symonston, ACT

Security Clearance(s) required for personnel working on this Task: The AGSVA Security Clearance required for Service Provider personnel working on this task is a minimum of NV1 on the commencement of the contract. The specified person may be required to undergo a security clearance upgrade to NV2 over the course of the contract.