Cyber Security Assessor

Assemble Solutions

On behalf of our clients who operate in the Australian Defence sector, I am currently looking for an experienced Cyber Security Assessor who holds NV1 or above clearance.

The role is being offered as a long-term day rate contract position and will be based from client's site in Canberra (please note that due to the nature of the work remote work from other States of Australia are not available for this role so you must reside in Canberra or be willing to relocate yourself full time).

ROLE DUTIES

As the Cyber Security Assessor, you will be required to provide independent ICT and Cyber Security Assessment and authorisation services.

You will conduct security assessments across acquisition, sustainment and capability enhancement activities to ensure systems achieve and maintain Authority to Operate (ATO) in accordance with the Information Security Manual (ISM), Defence Security Policy Framework (DSPF), and Defence Cyber Security Assessment and Authorisation Framework (CSAAF).

The role will provide assurance through the identification, assessment and treatment of cyber security risks, development of security artefacts and assessment reports, and ongoing engagement with stakeholders to support system accreditation and authorisation activities.

THE ROLE REQUIRED EXPERIENCE IN

  • Conducting security Assessment and Authorisation in accordance with the CSAAF and DCIAB CSAA.
  • Developing security architecture patterns and integrating them with the broader Defence system architectures.
  • Developing, reviewing, assessing and evaluating security strategies, plans, specifications, and documentation that support the acquisition and sustainment of capability to meet Defence’s needs (including liaison with security assessment and authorisation authorities).
  • Developing (in collaboration with engineering) the security elements of overall system architecture and engineering plans, specifications and documentation that supports the acquisition and sustainment of capability to meet Defence’s needs.
  • Conducting security capabilities requirement analysis relevant to the acquisition of capability in a complex Defence environment (including support to technical certification, and security assessment and authorisation processes).
  • Developing requirements and performance targets for the cyber security test and evaluation plans.
  • Supporting complex procurement activities including development solicitation documentation (statements of work and statements of requirement) and the review and evaluation of responses to market approaches.
  • Conducting security architecture and design review boards
  • Conducting security architecture and design review boards.

OTHER ESSENTIAL SKILLS REQUIRED

  • At least 5 years’ experience working with military in Cyber Security
  • At least 2 years’ experience assessing systems against DCSAAF and ISM/DSPF/PSPF.
  • Comprehensive understanding of the Australian Government Information Security Manual (ISM)
  • Comprehensive understanding of Defence Security Policy Framework and security control requirements.
  • Comprehensive understanding of the Defence Cyber Security Assessment and Authorisation Framework (CSAAF).
  • Comprehensive understanding of the Once Defence Capability System (formally the Capability Life Cycle)
  • Requirement’s development and\or business analysis skills.
  • Very strong written, presentation and oral communication skills.

QUALIFICATIONS

  • ISC2 – Certified Information System Security Professional (CISSP) or equivalent category A Security leadership qualification.
  • Sherwood Applied Business Security Architect (SABSA) Foundation Certificate or SABSA Practitioner certificate or equivalent Enterprise Security Architecture qualification.
  • ISACA – Certified Information Systems Auditor (CISA) or equivalent Category B System Auditing Certification.

If you have the aforementioned skills / capabilities and would like to be considered or learn more about this role please APPLY now with a copy of your updated resume or reach out directly by sending an email to ***email_hidden***