Security Incident Management Analyst coordinating information security incidents. Overseeing cyber incident response and providing guidance to senior management within a leading industrial software company.
About the role
- Senior Cybersecurity Consultant focusing on Governance, Risk and Compliance (GRC) at Datacom. Helping customers strengthen their security posture and align cybersecurity measures with business goals.
Responsibilities
- Security Consulting: Act as a trusted advisor to Datacom’s customers and internal stakeholders, understanding their cybersecurity needs and providing expert guidance and security solutions.
- Stakeholder Collaboration: Collaborate with cross functional teams to ensure a shared understanding of security risks and propose fit for purpose mitigations. This may include working closely with project managers, technical support teams, architects, third party vendors, developers, security teams and business units to integrate security requirements into projects or business as usual (BAU) tasks.
- Project Delivery: Support the planning and delivery of security projects or Datacom’s engagements, ensuring outcomes are achieved on time and meet quality standards. Maintain documentation of activities and track progress against project goals. Provide oversight and guidance to more junior team members.
- Continuous Improvement: Stay up to date with the latest cyber threats, vulnerabilities, and best practices. Proactively recommend improvements to security policies, processes and tools to enhance overall security posture.
- Communication and Reporting: Prepare clear reports and presentations on security findings and recommendations. Communicate technical information to both technical and non-technical audiences (e.g. executives or customers) in an understandable manner, to facilitate informed decision-making.
- Risk Assessments: Conduct comprehensive cybersecurity risk assessments and business impact analyses to identify vulnerabilities and evaluate potential threats. Develop risk artefacts such as plans, reports or registers and create roadmaps for safeguarding critical assets based on assessment findings.
- Compliance and Audit: Undertake compliance assessments against relevant standards, frameworks and regulations (e.g. ISM, PSPF or ISO 27001/27002). Ensure the organisation
- Meet requirements of frameworks and industry-specific regulations. Prepare for and support internal (Datacom) and external (IRAP or ANAO) audits, addressing any compliance gaps identified.
- Policy Development: Develop and update security policies, plans, standards, and procedures aligned with best practices and regulatory requirements. This includes authoring cybersecurity policy documents and process improvement artefacts to strengthen governance. Ensure that policies reflect frameworks and are communicated effectively across the organisation.
- Security Strategy and Advisory: Contribute to the creation of tailored cybersecurity strategies and governance frameworks that align with Datacom or the customer’s unique business objectives and risk appetite. Provide advice to senior management on implementing security controls and risk treatments in a pragmatic, business-aligned manner.
Requirements
- More than 5 years of hands-on experience in cybersecurity or information security roles, preferably including some time in a consulting or advisory capacity within a complex organisation or a Managed Services provider.
- Direct exposure to GRC within the Australian Government, including knowledge of the IRAP assessment process and experience in developing the supporting documentation required to attain an Authority to Operate, such as the SSP-A, SSP, SRMP, IRP and CMP.
- Practical knowledge of cybersecurity frameworks and standards. For example, familiarity with Australian government standards like the ISM, E8 and PSPF. Experience applying risk management frameworks and ensuring compliance with regulations is essential.
- Demonstrated ability to conduct security risk assessments and compliance reviews. Comfortable mapping security controls to framework requirements, identifying gaps, and recommending remediation actions. Experience developing and maintaining risk assessment material, security policies, and/or audit documentation is essential.
- Knowledge of Australian cybersecurity and privacy regulations (e.g. familiarity with the Australian Privacy Act and Notifiable Data Breaches scheme) is useful.
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field or equivalent work experience in a relevant discipline can be advantageous but not mandatory.
- Professional security certifications are highly valued. Certifications such as CISM, CISA, CRISC, or ISO 27001 Lead Auditor/Implementer or similar security certifications demonstrate relevant expertise. Certifications like CISSP (or Associate of CISSP), CEH, OSCP, or relevant SANS GIAC certifications (e.g. GSEC, GCIH, GPEN) are a plus. Certification in cloud security (e.g. AWS Security Specialty, CCSP) or other specialised areas is also highly regarded.
- While not mandatory, any awareness of the following international and industry standards or frameworks will be useful, while experience will be highly regarded:
- o ISO/IEC 27001 - Information Security Management System (ISMS), ISO/IEC 27002 Information Security Controls, ISO/IEC 31000 Risk Management - Principles and Guidelines, and ISO/IEC 27005 Information Security Risk Management.
- o National Institute of Standards and Technology (NIST) - various risk, privacy, control, configuration and audit frameworks.
- o ITIL practices for IT service management (ITSM), including security operations and incident management.
- o Australian Prudential Regulation Authority (APRA CPS 234) - Information Security Standard.
- o Australian Privacy Act 1988 and Notifiable Data Breaches (NDB) Scheme.
- o PCI DSS (Payment Card Industry Data Security Standard).
- o Open Web Application Security Project (OWASP).
- o MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge).
- o Common Vulnerability Scoring System (CVSS).
- o Zero Trust Architecture (ZTA).
- o Centre for Internet (CIS) Security Critical Security Controls.
- o Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Customer Security Engineer managing end - to - end pentesting services at Aikido Security. Ensuring customer value and addressing vulnerabilities for a developer - first security product.
Cybersecurity GRC Specialist developing compliance standards across IT environments at Axpo Group. Collaborate with teams to safeguard critical systems and implement cybersecurity policies in energy sector.
Lead Cybersecurity Specialist managing enterprise cybersecurity programs at NexThreat. Overseeing cybersecurity research, engineering, and technical services while ensuring federal compliance.
Manager overseeing Netflix's global physical security technology design and build programs across multiple business verticals. Leading a team to ensure best - in - class security systems and vendor management.
Information System Security Officer liaising between Cybersecurity Group and information owners. Ensuring compliance and security posture for national security IT systems in a hybrid environment.
Technician in workplace health and safety conducting interventions in member companies of CIAMT. Focusing on risk prevention and improving workplace safety conditions.
Information System Security Officers maintaining IT security posture through collaboration with stakeholders. Supporting system security policies and risk management for national cybersecurity objectives.
Security Manager overseeing and processing security clearances for Danish Government and NATO compliance. Liaising with security authorities and ensuring organizational requirements are met.
Business Cybersecurity Partner overseeing cybersecurity and compliance in Aerospace sector. Ensure alignment with regulatory frameworks and manage compliance with cybersecurity requirements.