Job Details

ID #8263491
State Territories
City Canberra
Job type Full-time
Salary USD TBD TBD
Source Leidos
Showed 2021-01-16
Date 2021-01-13
Deadline 2021-03-14
Category Et cetera

Cyber Governance, Risk & Compliance SME

Territories, Canberra 00000 Canberra USA

Vacancy expired!

Job Description

Your New Role

Leidos has been engaged by a Federal Government Department to work closely with other top tier partners to provide a leading Cybersecurity capability for critical infrastructure components.

We are tasked with developing and delivering cyber security services to directly support the Department’s mission. We are seeking highly motivated and appropriately experienced staff to help us deliver outstanding results.

These roles are not your typical Cybersecurity setup. There are some unique requirements with scope for you to substantially improve the customer’s operational capabilities.

These roles will need you to be understanding of the needs of the end user and to be able to provide services in a secure environment.

We are seeking candidates from a variety of backgrounds, with appropriate experience from Tier 1 Cybersecurity analysis through to service delivery, application engineering, infrastructure specialists, GRC specialists, threat hunters, intelligence specialists and other related roles.

If these roles match your skills and interest please apply.

This GRC SME position is pivotal in ensuring the ongoing ICT security accreditation for the program. We have two (2) Fixed Term or Contract opportunities available, and the successful candidates will be responsible for providing services to ensure compliance with the applicable Information Assurance (IA) frameworks, policies, and standards (with particular focus on the Information Security Manual (ISM) and Defence Security Principles Framework (DSPF)).

Duties include, but are not limited to:

  • Develop, implement and maintain security governance, including security frameworks, policies, and standards, in accordance with ISM and DSPF;
  • Develop, implement and maintain the Security Risk Management Plans (SRMPs) and SSPs supporting certification and accreditation for major projects being delivered;
  • Develop certification and conformance evaluation criteria to ensure successful system acceptance;
  • Maintain and improve the system security documentation package;
  • Liaise with service delivery areas, client management, Project Management and client security areas to ensure security processes are appropriately designed, effective and implemented;
  • Conduct routine audits to validate the certification and conformance readiness state to achieve System Certification and Accreditation;
  • Lead identification, implementation and review of the full range of I&A measures to ensure certification and accreditation is maintained in a complex environment;
  • Engage with key stakeholders for effective Cyber Governance and security outcomes across all environments; and
  • Act as a risk practitioner for ICT systems and represent the organisation in key cyber risk management forums.

Qualifications

About You and What You'll Bring

  • Experience in performing and/or successfully preparing for IRAP assessments, certification and accreditation across ICT program delivery;
  • Experience of working to achieve system certification and accreditation outcomes.
  • Previous experience working in an IT Security Officer, IT Security Advisor or IT Security Manager type role.
  • Technical background with understanding of commonly deployed security tools, networks and operating systems (EPP, HIPS, Firewalls, SIEM, Wintel/Unix, virtualisation) in a Government context.
  • Substantial experience collaborating with business partners, application development, and technical teams to establish security requirements and ensuring that these objectives were satisfied.
  • Collaborating with client and internal teams to develop security documentation (SSP, SRMP, etc)
  • Experience or demonstrated knowledge in applying policy and compliance assessment at a technical level across networks, Windows and Unix/Linux environments in the Government context.
  • Familiar with security frameworks and standards (PSPF, ISM, ISO27k, NIST).
  • Knowledge of commonly used risk management methodologies (ISO 31k, NIST)
  • Ability to develop and maintain clearly written documentation (technical, procedural and policy)
  • Persuasive communication skills when dealing with stakeholders in wide ranging roles and areas of the business

Highly Desirable

  • Bachelor's Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience and specialised training commensurate with assignment;
  • Applicable security certifications, such as CISSP, CISA, CISM;
  • Current IRAP or desire and ability to become an IRAP Assessor.

Additional Information

Successful candidates will be required to be Australian Citizens and be able to obtain and maintain an Australian Government Security Clearance. NV-2 Clearance preferred, but an NV-1 cleared candidate with strong experience and team fit will be considered.

At Leidos, we’ve built our business on the ability to Redefine Possible and the same applies to your career. We proudly embrace diversity and support our people at every stage of their Leidos journey in terms of inclusion, accessibility and flexibility. We look forward to welcoming you.
