The Cybersecurity Specialist is responsible for ensuring and verifying compliance against relevant cybersecurity frameworks and standards to achieve and maintain security certification and accreditation (C&A) for systems and capabilities across various projects. This role provides timely and accurate cyber worthiness advice and input to project engineering teams throughout the system lifecycle, adhering to customer needs and regulatory requirements. The Cybersecurity Specialist actively supports the CSO/CISO in implementing security obligations under relevant security programs and internal security policies, contributing to a robust security posture within project and program environments. This role involves stakeholder engagement, conducting cybersecurity assignments, and developing practical security solutions.
Key Responsibilities:
- Compliance and Accreditation:
- Document and verify compliance against cybersecurity frameworks and standards required for security certification and accreditation (C&A) of systems and capabilities across various projects.
- Prepare and maintain C&A document packs for submission to certifying authorities for approval.
- Contribute timely and accurate cyber worthiness advice and input to project engineering teams during design, development, and sustainment phases.
- Analyse and apply cybersecurity principles, regulatory requirements, and standards during system development and sustainment phases.
- Devise and deliver practical and economical solutions that are cyber worthy to operate and maintain.
- Security Policy and Program Support:
- Support the CSO/CISO in the implementation of security obligations under relevant security programs (e.g., Defence Industry Security Program).
- Contribute to the implementation of the organisation's Information Security Policy, Security Policies & Plans (SPP), and Security Classification & Categorisation Guides (SCCG).
- Support the maintenance of the organisation's overall security posture within project and program environments.
- May assist in the development of project plans, specifications, and schedules.
- Vulnerability Management:
- Plan and implement activities across the Vulnerability Management lifecycle: Discover, Prioritise, Assess, Remediate (including Patch Management), and preparation of Security Reports.
- Governance, Risk and Compliance (GRC):
- Prepare and maintain project Governance, Risk and Compliance (GRC) artefacts from inception to review/approval and subsequent revision.
- Facilitate and compile security risk assessments (SRAs) on behalf of and in conjunction with the customer.
- Security Requirements and Modeling:
- Perform functional decomposition of security requirements and modeling of solutions.
Qualifications and Experience:
- Relevant cybersecurity and/or ICT related formal education, certifications, and/or qualifications.
- 3-5 years of relevant experience (IT).
- Minimum 3 years’ experience in Information Security, Risk Management, Audit, or equivalent role, coupled with formal education or certification in IS, IT, Risk Management, Audit, or equivalent.
- Demonstrated understanding of relevant Australian Government cybersecurity frameworks and standards (PSPF, DSPF, ISM).
- Experience in conducting security risk assessments and developing security documentation.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills, with the ability to engage effectively with stakeholders at various levels.
- Ability to work independently and as part of a team.
Desirable Skills and Experience:
- Relevant industry certifications (e.g., CISSP, CISM, Security+, CompTIA CySA+).
- MUST have NV1/NV2.
- Experience with vulnerability management tools and processes.
- Knowledge of security architecture and design principles.
Applicants must have NV1/NV2 Clearance.
ONLY shortlisted applicants will be contacted.
APPLY NOW for my immediate consideration by submitting your CV. Should you have any questions or queries, please contact Tanu Ghosh on 0466782339 or tanu.ghosh@randstaddigital.com.au for a confidential discussion.
At Randstad Digital, we are passionate about providing equal employment opportunities and embracing diversity to the benefit of all. We actively encourage applications from any background.