This role provides guidance on the application and operation of security controls, performing security risk and business impact analyses, and identifying risks from potential technical solution architectures. The role designs alternate solutions or countermeasures to mitigate identified risks and provides recommendations for appropriate security policies, standards, and guidelines. Managing risks related to the use, storage, and transmission of data, and carrying out risk management activities within specific functions or projects, are also part of this role. This includes identifying risks and vulnerabilities, assessing their impact and probability, developing mitigation strategies, and reporting these to the business. This role will ensure the protection and management of risks associated with information systems, contributing to a secure and compliant digital environment.
The ideal candidate will have a strong technical background, relevant risk assessment qualifications such as the CISSP and/or CCSP, a deep understanding of cyber threats facing government, and the ability to work within a high-security environment. This is a mission-critical role where your expertise will directly contribute to the protection of our global infrastructure.
Job Specific role description
- Conduct comprehensive risk assessments across IT systems, applications, and third-party vendors.
- Evaluate and monitor compliance with Australian Government requirements such as the PSPF, ISM, and Essential Eight, and apply additional oversights from international frameworks such as ISO 27001, NIST, and GDPR.
- Develop and maintain cybersecurity policies, standards, and procedures.
- Perform gap analyses and recommend remediation strategies.
- Collaborate with internal stakeholders to ensure alignment with security governance objectives.
- Support audits and certification processes (e.g., IRAP assessments).
- Monitor and report on the effectiveness of security controls.
- Stay current with emerging threats, technologies, and regulatory changes.
- Prepare comprehensive reports for business and senior executive, translating complex technical findings into clear, actionable treatments and recommendations.
(1) Highly desirable certifications include CISSP, CRISC, CCSP, or equivalent.
(2) ISO 27001 Lead Auditor or IRAP are desirable, with other qualifications in government-specific cyber security programs considered highly
Essential criteria
1. Demonstrated experience in authoring ICT system authorisation documentation including but not limited to: Security Risk Management Plans (SRMPs), System Security Plans (SSPs), and Standard Operating Procedures (SOPs).
2. Experience in technical ICT areas such as system administration, software development, and cloud computing.
3. In-depth knowledge of Australian Government cyber security standards, such as the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).
4. Familiarity with one or more: AWS, Azure, Kubernetes, Identity and Access Management.
Desirable criteria
1. Knowledge of emerging threats and international frameworks such as NIST, GDPR, and/or PCI DSS.
2. Ability to communicate complex information to both technical and non-technical stakeholders.
3. Understanding of data protection, privacy legislation, and compliance requirements.
Contract: 12-month contract with 2 x 12-month extension option
Security Required: NV1 Security Clearance
Location - Canberra based - Hybrid - required to be in the office a minimum of 3 days a week.
How to Apply - Please upload your resume to apply. Candidates will need to be willing to undergo pre-employment screening checks, which may include ID and work rights, security clearance verification, and any other client-requested checks.
Closing date: Thursday 25 September 2025
Call Joanne Finchett on 0480 002454 or email Joanne@whizdom.com.au for any further information