Job details

Location: Sydney
Salary: Negotiable
Job Type: Contract
Ref: 36020_1637219289
Contact: Rick Nunez
Contact email: Email Rick
Contact phone: 0478 079 255
Posted: 18 days ago

Senior Security Risk and Audit Analyst - NSW Government
Location: CBD, Sydney, with great WFH flexibility
Rate: $900 - $950 per day + Super
Contract Length: 6 months
Note: Must have proven experience in leading the governance, implementation and/or auditing of security standards and frameworks (e.g. ISO 27001:2013, NIST, ISM, Essential 8, etc.).

We are currently seeking an experienced Security Risk and Audit Analyst for our NSW Government client. The successful candidate will be responsible for the risk management framework and processes that ensure security and IT risks are identified, assessed and managed.

Keys to Role:
* Proven experience in leading the governance, implementation and/or auditing of security standards and frameworks (e.g. ISO 27001:2013, NIST, ISM, Essential 8, etc.)
* Demonstrated experience in ISO 31000:2018, including assessment, advisory and risk register management in complex and diverse IT and security environments
* Contemporary knowledge of trends and technologies relating to information security
* Disciplined stakeholder coordination skills with the ability to negotiate, influence and lead working groups and consultations to achieve desired outcomes
* Industry security and/or auditing certification (e.g. CISA, ISO27001 LA/LI, CISSP, etc.)
* Experience in designing risk reports and operating risk tools/software is desirable
* Quantitative risk management experience (e.g. FAIR, VaR, etc.) is desirable

Key accountabilities:
* Coordinate the risk management framework and processes to ensure security and IT risks are identified, assessed and managed
* Design and operate risk and audit registers, documentation and other tools to facilitate effective risk, audit and compliance functions
* Monitor, report and present risks, risk management performance, indicators and trends to effectively communicate the Department's risk posture, impacts, and progress
* Design, implement and operate risk and audit management improvements and initiatives to ensure a best-in-class and continuously improving security risk management function
* Improve risk reporting and metrics approaches to better engage executive business leaders and support cyber security strategy development

Key Challenges:
* Influencing and managing diverse stakeholders, including risk owners and executives, to ensure an engaging and positive security risk culture
* Aligning varied and numerous existing processes, technologies and people to drive harmonisation and best practices
* Providing expert subject matter advisory and support on security and risk matters established in risk mitigation strategies, compliance activities and audits
* Interpreting and aligning internal and external requirements, including industry standards, auditors, regulatory bodies, executives, legislative/administrative instruments, and business function requirements