Information Security Officer

The Information Security Officer is responsible for:

• Undertake an assessment to determine the information classification and understand the threat profile (business risk) of our clients hosted applications and information holdings to inform the as-a-service program of work that is currently assessing where IT workloads are able to be hosted.

• Provide expert information security advice and practical solutions to ICT and project staff, senior management and key stakeholders.

• Implement an Information Security framework that addresses audit, risk and issue, and compliance with Australian Government Protective Security Policy Framework.

• Manage the development procedures, controls and guidelines for multiple platforms and diverse system environments including solutions for ICT network security and ensure their compliance.

• Undertake detailed ICT security risk assessments on new and existing infrastructure and services (e.g. on premise, IaaS, PaaS, SaaS, BUaaS, Private and Public Cloud) including recommending mitigation strategies and designing practical business process and technical solutions.

• Manage incident response planning and coordinate ICT security activities for the Program including establish and manage virtual teams, regular security audits, intrusion prevention, vulnerability management, detection systems, border and gateway security, incident assessment and investigation and reporting on serious ICT security breaches, ensuring all identified breaches in security are promptly and thoroughly investigated.

• Establish strong working relationships and communicate security related concepts to a broad range of technical and non-technical clients, key stakeholders and external consultants in a confidential manner and develop Information Security Awareness Training programs for staff.