Senior GRC/ISM Specialist

  • Canberra ACT, Australia
  • Full-time
  • Job Type: Permanent

Company Description

Our name isn’t the only thing that’s unique about Leidos Australia. We’re a complex systems integration company building world-class solutions across government that ensure peace of mind for the entire nation. Supported by global backing from our US network, we’re trusted by our customers to deliver the most innovative answers to their most complex challenges. Seriously interesting work that benefits and safeguards every Australian. As a talented member of our multidisciplinary teams across a diverse and influential Federal Government and Defence portfolio, you have a rare opportunity to influence programs today that will redefine the customer’s business tomorrow.

Job Description

Your New Role

Leidos has been engaged by Defence to provide cutting edge cyber capabilities to support Australia's Defence mission.  We are seeking inquisitive and delivery focused people to ensure its success.

If you want the following as part of your next role please get in touch today

·         Enhancing National Security

·         Important and engaging work

·         Leading edge technology that supports cultural and business practice changes

·         Excellent training and career development

·         Work with experienced peers including senior SME resources

·         Well-resourced operation

·         Attractive remuneration available

·         Happy and focused high performing team

As a Senior GRC/ISM specialist you are responsible for continuous accreditation of classified systems. You will also be on the on hand senior cybersecurity resource. These roles are unique and will test and grow your ability to manage risk and cybersecurity in the field.

Qualifications

About You and What You’ll Bring

This role has access to a portfolio of opportunities including greenfield capabilities for defence across Enterprise Service Management Centre services and End User Technology services. Your duties include:

  • Establishing and maintaining system accreditation across complex environments
  • Develop, implement and maintain the Security Risk Management Plans (SRMPs), System Security Plans (SSPs), Security Risk Assessments, Statement of Applicability (SOAs) to support ongoing system management and Program delivery
  • Working closely with the customer as their go-to person for risk, compliance and cyber security related questions
  • You will need to think independently and progressively, unlike typical GRC roles
  • Develop assessment and conformance evaluation criteria to ensure successful system risk acceptance and the creation of approved Programs of Actions and Milestones (POA&M)
  • Liaise with service delivery areas, client management, Project Management and client security areas to ensure security processes are appropriately designed, effective, implemented and maintained

You will need to have most of the following:

  • Broad cyber background with working knowledge/understanding of a broad number of technologies
  • Hands on experience with ISM accreditation including managing liaison with ICTSB
  • Technical background with understanding of commonly deployed security tools, Active Directory and Managed Operating Environment (MOE). (Device Security, Identity Security, Information Security, Mobility, Security Analytics) in a Government context
  • Collaborating with client and internal teams to develop and maintain security documentation (SSP, SRMP, SOA, etc.)
  • Familiar with security frameworks and standards (PSPF, ISM, ISO27001, NIST CSF and related key documents)
  • Knowledge of commonly used risk management methodologies (ISO 31000, NIST CSF and related key documents)
  • Persuasive communication skills and form strong collaborative relationships with the broader team to ensure consistency and cohesiveness in approach
  • Understanding and empathy for the needs of Australia’s servicemen and women in the field
  • Able to engage professionally with the customer and be their preferred cybersecurity resource

Highly Desirable:

  • Bachelor's Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience and specialised training commensurate with assignment; or applicable security certifications such as CISSP, CISA, CISM, GIAC, etc.
  • Experience in Vulnerability Assessment (VA) or Penetration Testing is desirable
  • Experience in hybrid cloud environments

Additional Information

What You'll Love

  • Long term scope with a clear career path with extensive employee benefits
  • Formal training programme with access to an extensive online learning portal
  • Extensive cross-skilling opportunities

These roles are located in Canberra and Melbourne. Candidates with active NV1 or better security clearance are preferred however good uncleared candidates will be considered. All candidates must be Australian Citizens and able to obtain an NV2 security clearance.

This is a fast growing business currently implementing a range of business improvement initiatives, so you’ll have the chance to see some market leading technologies implemented across the function along with contributing to building further on the progressive work currently being developed. We offer a flexible working environment where it’s possible to design your ideal work week.

You’ll be joining a fun and friendly team who support each other closely and love to celebrate together.

Privacy Policy