Information Security Assurance Specialist Contract
- Minimum Baseline Clearance Required - Ideally seeking NV1, NV2 or PV Cleared
- Must have Federal Government or Defence experience - ISM, DSPF & PSPF
- Local & Interstate Travel Required - All expenses paid!
The Information Assurance Specialist is responsible for providing subject matter expertise for information systems and services deployed across the organisation and to customers. The Information Assurance Specialist conducts security assessments, remediates issues, develops and maintains security documentation, manages risk and recommends courses of action.
In addition, the Information Assurance Specialist provides subcontractor oversight as required and liaises with government agencies to ensure that the information system is able to achieve certification and accreditation milestones.
Specific responsibilities include, but are not limited to:
- Provide security related advice to project teams through the lifecycle of the information system including acquisition and sustainment.
- Provide security related advice to employees on designing, implementing, and operating internal systems as a part of the Information Risk Assessment and Management Process.
- Develop and maintain information security documentation including but not limited to: system overview documents; system risk management plans; system security plans; information security manual statements of applicability; standard operating procedures; and incident response plans.
- Develop, deliver, and monitor compliance with security awareness training applicable to the program, including external partners and contractors as required.
- Establish and maintain effective working relationships with applicable government agencies and authorities.
- In consultation with the applicable agencies and authorities, schedule and plan information assurance activities required to achieve accreditation and maintain compliance.
- Partner with independent external security assessors to plan and execute system certification and accreditation.
- Responsible for subcontractor technical management, including:
  - Technical oversight and review of subcontractor information assurance design and solution deliverables, integration, verification and validation activities.
- Remain current on changes to relevant Defence and/or government standards, controls and guidelines including the Information Security Manual, Defence Security Manual, and Protective Security Policy Framework.
- Perform technical risk analysis as required.
- Plan, document and execute verification and validation activities.
- Tasks as directed in support of the project.
- Understand the systems engineering methodology, tools and procedures required to complete the assigned systems engineering tasks.
- Estimate effort to complete the project.
- Identify project and product risks and escalate using defined processes.
- Identify and record any problems relating to the product, process and quality system.
- Initiate, recommend or provide solutions through designated channels.
- Control further processing, delivery or installation of nonconforming product until the deficiency or unsatisfactory condition has been corrected.
- Previous experience making improvements to processes, systems or products to enhance performance of the work area.
- Ability to apply security and information assurance technical principles, theories and concepts.
- Ability to analyse and resolve complex technical problems.
- Advanced knowledge of Australian Defence and US Government security principles and standards including but not limited to:
  - The Information Security Manual
  - Defence Security Principles Framework
  - Protective Security Policy Framework
  - NIST 800-53
  - NIST 800-171
- Skilled in at least one of the following, with basic knowledge of the remainder:
  - Linux or Windows Server and Client operating systems
- Basic knowledge of Emanation Security design principles.
- Skilled in the application of physical security controls.
- Minimum of 6 years relevant experience in Information & Cyber Security.
- Advanced knowledge in Defence and/or government standards, controls and guidelines.
- Experience in the development, delivery and integration of communications systems and IP networks.
- Bachelor Degree or Postgraduate qualifications in Information Technology, Engineering, or Cybersecurity.
- Information assurance management qualifications such as CISM, CISSP, or GSLC.
- Information assurance auditing qualifications such as CISA, CRISC, GSNA, ISO 27001 Lead Auditor, or PCI QSA.
- Certified IRAP Assessor.
For a confidential conversation apply now or email an updated Resume to email@example.com