GRC Security Lead

  • Full-time
  • Job Type: Permanent

Company Description

Every person at Leidos plays an important and valued role bringing science, engineering and technology together to produce practical solutions for our customers’ most complex problems. It’s how we help to make the world safer, healthier and more efficient - work that matters and a mission, like those of our customers, we are passionate about. We’re open minded, ambitious and committed to enabling our people to do their best work, to be inspired by what they can achieve and the impact they can have.

Here in Australia, we’re agile and growing fast. Our 1,400 employees are busy building an enviable reputation for innovation and delivery. And, as part of a US-based organisation with 37,000 people and a 50-year history, we are able to draw upon world-leading technical expertise to help us provide the best solutions to our customers.

Job Description

Your New Role

Working on a Defence project, the Governance, Risk and Compliance position is focused on providing project support for delivery of secure, compliant and accredited systems. The role is primarily concerned with supporting this delivery across the project's platform deployed on AWS infrastructure and any associated Partner systems that require hosting on, or connection to, the project's platform.

  • Engagement with key stakeholders including internal project management, Certification Authority representatives, security service providers, other internal IT security personnel and business owners to tailor the scope of responsibility and approach to delivering security controls, artefacts, risk identification and assessment, security testing for deployed security controls and responsibility for risk treatment recommendations
  • Consideration of and alignment with project schedules such that the certification and accreditation effort supports the business requirement to operate the subject system(s)
  • Identification, validation and or advocacy for security requirements (functional or non-functional) and dependencies associated with system delivery, transition into service or ongoing sustainment
  • Development of an Accreditation Plan detailing the elements above with the necessary activities, artefacts and stakeholder contributions required to complete the certification and accreditation process for assigned projects
  • Ownership for the execution of the Accreditation Plan with reporting as required by the business, project, Certification Authority or other interested stakeholders
  • Handover of all completed artefacts to operational groups for ongoing sustainment of the accredited system.

This role requires the successful applicant to be an Australian Citizen and hold a minimum NV-1 level Australian security clearance.

Qualifications

About You and What You'll Bring

GRC personnel will have a minimum of five years’ experience in IT Security roles with at least two years’ experience providing GRC services in Australian Federal Government, preferably within the Defence framework.

The following experience is required for GRC personnel:

  • Current knowledge of and experience with the Australian Government Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) is necessary. Experience working with the Defence Security Practices Framework (DSPF) is preferred
  • An ability to advocate for security and compliance requirements within the project, and to advocate for the project’s approach with external stakeholders, is necessary. It is expected that GRC personnel will leverage all available resources to ensure their advice and advocacy in all cases is accurate and practical
  • An ability to communicate sensitive matters in a respectful and professional manner, enabling decision makers to understand the security implications of their choices prior to delivering their decisions
  • Once decisions are made, they must be recorded factually and, if relevant, any introduced risks documented for formal acceptance
  • An ability to prioritise the importance of security and compliance matters in the context of the subject platform or system is required. This may include the support of Security Engineers, Security Testers or other external stakeholders; however, it is the responsibility of GRC personnel to communicate the priority of security elements through the certification and accreditation process
  • An ability to provide structural guidance to help mature the project's planning, documentation and delivery elements, while maintaining flexibility to support the delivery approach prescribed by the business.

Certifications:

  • Any GRC-related certification is advantageous, with security-related certificates preferred. There is no requirement for IRAP certification.

Additional Information

What you’ll love

This is a fast growing business currently implementing a range of business improvement initiatives, so you’ll have the chance to see some market leading technologies implemented across the function along with contributing to building further on the progressive work currently being developed. We offer a flexible working environment where it’s possible to design your ideal work week.

You’ll be joining a fun and friendly team who support each other closely and love to celebrate together.
