Selection Documentation

Position title: IT Security Adviser

Classification: Executive Level 1

Location: Canberra

Division/Section: ICT Services / Security and Property

Reports to: Director Security and Property

Employment status: Ongoing

Hours: Full time - 37.5 hours per week

Security clearance: Negative Vetting 1

Salary: $95,688 - $112,640 p.a. plus 15.4% super (negotiable)

Closing date: 18 June 2017

Contact for questions: Paul Alaimo, 02 6270 3486

Eligibility: Please note that this opportunity is open only to Australian Citizens

The successful applicant must have, or be willing to undergo, a security clearance to the level of Negative Vetting 1 as a condition of employment.

To satisfy character requirements all AFSA employees must undergo a police records check.

Where a person has received a redundancy benefit from APS agency employment and their corresponding redundancy benefit period has not expired, they may be ineligible for employment.

AFSA actively promotes flexibility with working options in this role. We encourage flexible work patterns to support your family commitments and personal interests.

Purpose of the position

The IT Security Adviser (ITSA) is responsible for the development and implementation of Information Security Policy and standards within AFSA. This position leads a small team of APS staff and contractors to ensure a risk managed and compliant ICT environment.

The ITSA works closely with the Agency Security Adviser (ASA) and System Owners to ensure comprehensive security documentation is established and maintained, and that comprehensive work plans and reporting frameworks are also in place.

The ITSA also provides specialist advice to system and network architects, and supports the development of new systems by providing timely, risk-based advice. The ITSA plays an active role in change and incident management.

Key responsibilities

Duties

(In order of importance/frequency)

·  Ensure a strategic and integrated approach to cyber-security practice and functions, with a focus on information management, staff development and risk-based decision making.

·  Determine security requirements by:

o  evaluating business strategies and requirements;

o  researching global information security standards and emerging technologies;

o  conducting system security reviews, vulnerability analyses and risk assessments;

o  developing and complying with architecture/platform standards;

o  identifying integration issues; and

o  preparing cost estimates.

·  Document and analyse risks using the Information Security Manual (ISM) control framework and provide certification documentation (SOA, SSP, SRMP) for accreditation by the Chief Information Security Officer (CISO).

·  Develop and implement plans, policies, work instructions and standard operating procedures to ensure an enhanced level of security compliance within AFSA.

·  Maintain security by:

o  monitoring and ensuring compliance with standards, policies, and procedures;

o  conducting incident response and analyses; and

o  providing ongoing education to staff on managing ICT risks and threats.

·  Lead and build a team by:

o  establishing clear work expectations, systems and processes

o  encouraging and supporting ongoing learning and development opportunities

o  providing regular feedback

o  identifying opportunities to enhance team performance in an environment of collaboration, continuous improvement and change

·  Enhance security team competence and undertakings by:

o  planning delivery of tailored solutions;

o  mentoring team members and answering technical and procedural questions for less experienced team members; and

o  developing, promoting and coaching staff on improved processes

·  Upgrade security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements

·  Prepare system security reports by collecting, analysing, and summarizing data and trends.

·  Engage and manage contractors and consultants, as required, to contribute to delivery of secure services and projects.

·  Lead initiatives as a senior member of the ICT Services Division within AFSA, including providing input to ICT strategies and operational plans and senior management discussions as required

·  Lead, guide and support workers to understand and adhere to all WHS obligations and take responsibility for own health and safety and that of others

·  Comply with WHS obligations and take responsibility for own health and safety and that of others

·  Understand and comply with the agency risk management framework and relevant legislation, and contribute to the achievement of appropriate risk strategies. Guide others to identify and mitigate foreseeable risks.

Essential capabilities

Achieves Results

Clearly defines plans and schedules workload and involves all relevant stakeholders to achieve high quality outcomes, identifying key talent to support operational performance. Initiates changes to improve results. Anticipates and manages risks.

IT Management

Demonstrates specialist expertise in managing IT infrastructure and resources required to plan, develop, deliver and support appropriately engineered IT services and products to meet business needs, contribute to business performance and achieve business line objectives.

Analysis

Collates, analyses and synthesises information from different sources to make informed conclusions and high level.

Stakeholder Liaison and Management

Manages and promotes collaborative and cooperative interactions across operational areas of the business and external stakeholders to facilitate open communication, education, discussion and cooperation between stakeholders to achieve desired goals.

Client Service

Manages day-to-day client services function, defines service levels for client services staff and monitors performance taking corrective action when required.

Communicates Effectively

Provides high level advice to staff, management and clients, develops and presents persuasive arguments, negotiates more complex, sensitive and contentious matters and represents the work unit and/or Business Line within and outside the agency.

People Management

Provides leadership and manages staff in day to day operational activities ensuring effective performance/service delivery, develops and coaches staff, fosters teamwork, diversity and information sharing, provides feedback and counsels staff on sensitive matters.

Thinks Strategically

Actively contributes to a shared understanding of strategic planning processes and the development of strategic direction, corporate priorities, policies, innovation and process improvement so as to achieve desired strategic objectives. Incorporates a strategic perspective in all aspects of work.

Position qualifications

Mandatory

·  VET or Tertiary qualifications in information management, computer science, information systems or equivalent experience

·  Certified Information Security Manager (CISM) and/or Certified Information Systems Security Professional (CISSP)

·  Demonstrated capacity to provide timely, compelling and concise advice to inform executive members and senior management to support decision making.

Preferred

·  Information Security Registered Assessors Program (IRAP)

·  SANS specific security training

·  Demonstrated experience leading a team to achieve high performance and meet organisational and business goals.

·  Demonstrated experience in risk management, policy and strategy development.

Position dimensions

Staff reports: up to 5

Budgets managed: To be determined

Relocation assistance provided depending on the applicant.

Application details

The application is the tool that the selection committee will use to shortlist applicants.

Your application must include:

·  a completed application cover sheet (available on the AFSA website at: How to apply for a job at AFSA)

·  a resume outlining your career history, qualifications and including contact details for at least two recent referees

·  a covering letter, no longer than two pages, that considers the key responsibilities and essential capabilities of the position and states the following:

a.  Why you are interested in the position

b.  How your skills and experience make you the best person for the position

c.  What value you can add to AFSA and the ICT Services division

Your application should clearly state the position title and location in the subject line and be submitted no later than 11:59pm 18 June 2017 to:

Email:

A selection decision may be made on the basis of your application only. If interviews are conducted, it is anticipated that they will be held in the week commencing 26 June 2017. A telephone interview may be conducted in the first instance. Candidates may also be required to undergo psychometric and/or work sample testing as part of this selection process.

We encourage applications from Indigenous Australians, peoples from culturally diverse backgrounds and people with disabilities. We are committed to providing a working environment that values diversity and supports staff to reach their full potential.

If you are an applicant with a disability or other special needs, please contact the Disability Access Coordinator on (02) 8233 7821 to discuss any requirements that may assist you in your application.

Thank you for your interest in this position.

AFSA Selection Documentation: IT Security Adviser, EL 1

May 2017 www.afsa.gov.au