Governance, Risk and Compliance (GRC) Specialist

  • Melbourne
  • Softtest Pays Pty Ltd
Australian Citizens with Baseline Clearance residing in Australia only respond. Contract start 06 November 2023 to 12 months, 2 x 12 months extensions. Australian Citizen, Baseline Clearance, Canberra, Offsite role. Send your responses to jobs@softtestpays.com Overview The Department of Industry, Science and Resources (DISR) requires the services of a Cyber Security Compliance Specialist to work with system owners and business owners to identify and consider cyber security risk and appropriate remediation activities. This full-time position (5 days per week) will be assigned to the assessment of new and upgraded systems to ensure the security accreditation requirements are met, as per the departments Authority to Operate Framework (AtOF). Five years prior experience in writing and managing risk assessments per ISM compliance in Government is desirable. This position will be responsible for providing security advice in line with the departments processes and policies and security frameworks including the Information Security Manual (ISM), Protective Security Policy Framework (PSPF) and Information Security Registered Assessors Program (IRAP). The chosen candidate will have demonstrated extensive experience working as a security compliance specialist, with knowledge of the ISM, PSPF and IRAP processes, and the communication skills necessary to provide advice and supporting documentation associated with the departments security framework. While working closely with technical and non-technical departmental staff to achieve the required outcomes. The candidate will be responsible for: Lead and produce (write) quality security accreditation documentation including Statement of Applicability (SOA), System Risk Management Plan (SRMP), System Security Plan (SSP), and Certification Reports Effective management of AtOF assessments ensuring they are completed within agreed timeframes while managing multiple assessments at any given time Effectively communicating security concepts and controls to technical and non-technical stakeholders Providing considered security advice to stakeholders, team members and Executive Taking direction from the Cyber Security Manager and IT Security Advisor while working within the Cyber team Act promptly to resolve compliance issues and address vulnerabilities, collaborating with relevant teams to implement relevant controls and improvements Facilitating and negotiating discussions to an agreeable decision. Completing security assessments in the departments IT service management risk system Please note, applicants should have 5+ years of Governance, Risk and Compliance experience. Every application requires to address selection criteria as part of application submission. Essential Criteria 1. The successful candidate will have the IT skills and relevant work experience, in conjunction with strong interpersonal skills and the ability to exercise initiative and sound judgement. Ability to work as part of an agile team and communicate with a range of internal and external stakeholders is also a requirement. 5 years experience as a cyber security compliance specialist Demonstrated experience in relation to the detailed skill set (outlined above) Excellent attention to detail Experience working in large complex ICT environments with a focus on Microsoft technologies Ability to consult with a range of both technical and non-technical personnel. Extensive knowledge of Australian Government Policies and frameworks relating to Government Services Ability to juggle multiple assessments at any given point 2. A 500-word summary addressing candidates' suitability against the criteria will be accepted.