Cyber GRC Analyst

Azooa

Azooa is currently preparing a response for RFQ LH-07090 and is seeking suitably qualified contractors for a Senior Cyber Advisor – Security Risk & Assurance opportunity with the Australian Federal Police (AFP) in Canberra.

This is a long-term engagement supporting the AFP's Covert & Technical Operations (CTO) Transition Program and the delivery of critical capabilities within the Next Generation Law Enforcement Monitoring Facility (NG-LEMF) program.

Position Overview

The AFP is seeking an experienced cyber security professional to provide specialist security risk, assurance, compliance and advisory services across significant law enforcement technology initiatives.

Working closely with AFP security teams, CIO Command stakeholders and project delivery teams, the successful contractor will ensure systems are secure, compliant and appropriately accredited throughout the project lifecycle.

Core Purpose

Provide expert cyber security advice, risk management, security assurance and architecture guidance to support the secure delivery and operation of AFP systems while ensuring alignment with government cyber security requirements, frameworks and accreditation standards.

Scope of Responsibilities

Cyber Security Risk & Assurance

Conduct comprehensive cyber security risk assessments across AFP systems and projects.
Identify, analyse and evaluate cyber threats, vulnerabilities and security risks.
Develop risk mitigation strategies and security recommendations.
Assess systems against cyber security standards, frameworks and compliance obligations.
Support ongoing security governance and assurance activities.

Security Architecture & Design Review

Provide cyber security architecture advice to assigned projects.
Undertake security design reviews and technical assessments.
Evaluate solutions against security and compliance objectives.
Support secure solution design and implementation activities.

Security Certification & Accreditation

Develop security documentation required for certification and accreditation activities.
Support security assessment and authorisation processes.
Produce artefacts required for security approvals and compliance reviews.
Contribute to accreditation and assurance activities across complex ICT environments.

Security Documentation

Prepare and maintain:

Security Risk Management Plans (SRMPs)
System Security Plans (SSPs)
Standard Operating Procedures (SOPs)
Security assessment documentation
Compliance reports
Security architecture documentation
IRAP-related assessment artefacts

Stakeholder Engagement

Liaise with Security and Chief Information Officer Command teams.
Capture and document security processes and requirements.
Provide specialist cyber security advice to stakeholders.
Support project teams in achieving security and compliance outcomes.

Technical Environment Coverage

Provide cyber security advice relating to:

Application interfaces
Databases
Infrastructure services
WAN and LAN networking
Software Defined Networks (SDN)
Mobility services
Enterprise systems and platforms

Key Deliverables

Cyber security risk assessments.
Security assurance and compliance reviews.
Security architecture assessments.
Security accreditation documentation.
Security Risk Management Plans.
System Security Plans.
Security governance artefacts.
Security design review reports.
Stakeholder advisory services.

Mandatory Requirements

Essential Experience

Minimum 5 years' experience in a Cyber Security Analyst, Cyber Security Advisor or similar cyber security role.
Demonstrated experience conducting cyber security risk assessments.
Experience producing security assurance and compliance documentation.
Experience providing cyber security advice within complex ICT environments.
Experience supporting security accreditation, certification or assurance activities.
Strong stakeholder engagement and communication skills.

Security Clearance

Current NV1 clearance

Technical Skills

SFIA Alignment

Cyber Security Analyst – SFIA Level 5

Candidates should demonstrate capability in:

Security risk assessment
Security assurance
Security architecture review
Security governance
Compliance assessment
Security documentation development
Accreditation support
Stakeholder advisory services

Evaluation Criteria

1. Achieve Results

Ability to achieve team objectives and deliver intended outcomes.
Build capability and responsiveness within teams.
Adapt to and support organisational change.

2. Ability to Deliver

Demonstrated capability and capacity to successfully provide the required services.

3. Relevant Experience

Demonstrated experience delivering similar cyber security advisory, risk and assurance services.

Engagement Details

RFQ Number: LH-07090

Client: Australian Federal Police (AFP)

Role: Senior Cyber Advisor – Security Risk & Assurance

Location: ACT

Working Arrangement: Onsite

Onsite Requirement: Minimum four (4) days per week onsite for stakeholder and team engagement

Start Date: 15 July 2026

Contract Duration: 12 Months

Hours: Up to 40 hours per week

Security Clearance: NV1 (or ability to obtain)

Level: APS5–APS6 Equivalent

Rate Guidance

Maximum rate: $910/day Inc Super

Azooa recommended winning range: $830–$880/day inc Super

Competitiveness Guide

$830–$850/day Inc Super – strongest chance of success.
$850–$880/day Inc Super – highly competitive.
$880–$910/day Inc Super – suitable for candidates bringing significant AFP, Defence, cyber security assurance, accreditation, security architecture or IRAP-related experience.

Higher rates within the approved range may still be considered where specialist cyber security expertise, current NV1 clearance, strong Federal Government experience, security accreditation expertise or niche technical capability can clearly justify the premium.

How Azooa Can Support You

Positioning your profile to maximise win probability.
Helping align your rate with current market expectations.
Assisting with tailored responses and submission strategy.
Providing access to similar Defence and Federal Government opportunities.