Information Technology Security Manager

Job Title: Information Technology Security Manager
Contract Type: Permanent
Location: Sydney
Industry:
Reference: 3190342
Contact Name: Reece
Job Published: November 17, 2020 22:15

Job Description

Highly regarded Australian organisation looking for an IT Security Manager to assess, establish and own their IT Security function! In this role, you will provide strategic-level technical/professional advice to the Business Executives on the security of the enterprise IT systems. As the ITSM you are also responsible for developing and updating IT security documentation, providing reports for internal and external stakeholders, and conducting reviews and investigations as appropriate. As a member of the IT Change Advisory Board, you are responsible for ensuring that all change requests meet the required security standards before their submission to the Change Manager.

You will be responsible for the following:
  • Act as the Entity’s IT Security Adviser as defined in the Security Governance Guidelines.
  • Provide strategic level guidance on IT Security.
  • Maintain an IT security framework, including policies, plans and procedures, and raise awareness of information security issues with systems users and owners.
  • Provide regular reports on cybersecurity and meet internal and external reporting obligations, including input into the Archives’ annual compliance report.
  • Independently identify appropriate security risk mitigation measures in the development and delivery of IT projects.
  • Conduct IT vulnerability assessments, take actions to mitigate threats, remediate vulnerabilities and escalate to the Director and Executive as appropriate.
  • Maintain, monitor and update Web proxies, Mail proxies and Endpoint protection applications/services amongst other applications/services.
  • Monitor security for systems, including the application of ASD’s Essential Eight, and respond to and investigate sensitive and complex cybersecurity incidents.
  • Promote information security awareness training programs to all staff and deliver training when required.
  • Maintain and track the execution of the IT Security Plan.
  • Promote and implement suitable IT Security policies and protocols as required by the Entity.
  • Ensure IT users across the Entity adhere to the ISM & Security Framework
  • Ensure current and future applications, networks and other IT services operate in a secure environment.
  • Ensure that staff across the business are aware of and comply with IT Security policies and procedures.
  • Promote a culture that supports a secure IT environment.
  • Responsibility for auditing functions, systems, and procedures
  • Ensure new and existing systems undergo Security Assessments and Threat Risk Analyses.
  • Co-ordinate routine penetration and other IT security audits.
  • Maintain the IT Security Risk Register.
  • Act as a member of the Change Advisory Board and provide security advice on pending submissions to the CAB.
  • Maintain the Enterprise IT disaster recovery plan (IT DRP) in conjunction with the Entity’s Business Continuity Plan (BCP)
  • Work with staff in Infrastructure and Business Applications to review and refine the IT DRP
  • Co-ordinate routine IT Disaster Recovery (DR) tests.
  • Manage a small team of IT Security Specialists.
Competencies & Attributes:
  • Demonstrated ability to work collaboratively and cooperatively with staff and their managers across the Entity to ensure that IT policies and procedures are adhered to.
  • Demonstrated ability to provide high-level security advice to clients during the development and implementation of new applications.
  • Strong understanding of the technical implementation of ISM controls.
  • Strong understanding of gateway technologies such as web and mail proxies.
  • A broad understanding of multiple technologies and system architecture is required.
  • Audit and investigation skills required.
  • The IT Division is geographically dispersed and experience in working in such teams is essential.
  • Relevant industry qualifications in IT security such as ITILV3 and at least one of either CISSP, CISM or CISA qualifications.
  • Essential: a highly developed knowledge of the Information Security Manual and Security Policy Framework and of current and emerging IT security technologies.
  • Demonstrated ability to provide expert security advice, develop quality IT security policies, plans and procedures.
  • Ability to work in a team environment delivering a high level of customer service, with the ability to build strong working relationships and trust with clients, stakeholders and senior management.
  • Demonstrated high level of communication skills with effective presentation and representation skills.
  • Highly developed knowledge of risk management principles and practices and project management skills.
If you are interested in hearing more about this role, apply now! Reece.richardson@perigongroup.com.au