Security & Risk Specialist

Summary about this job

Detail information about job Security & Risk Specialist. Terms and conditions vacancy

We are currently looking for a Security & Risk Specialist for a 12 month contract engagement + extensions) with a large government department based in Brisbane CBD. The IT Risk & Security Specialist will provide ICT risk and control advice to a range of technical and non-technical stakeholders and will apply his/her expertise and experience to assess ICT controls, perhaps using the ISACA COBIT 4/5 framework. They may also be asked to research, analyse, and design, strategies and solutions that progress ICT security outcomes. 

The Project:
The department is embarking on several large ICT-enabled business transformation initiatives to improve efficiency and transform the enterprise. These initiatives require professional assessment to ensure Council's information risk management requirements are met. 
Responsibilities:
 

• Review and understand business goals, objectives and requirements previously documented.
• Assist with documenting the "as-is' security environment of data and systems.
• Assess the current risk profile with respect to business value and technical condition.
• Assess the existing security processes and technologies.
• Undertake gap analysis between current state and desired future state.
• Identify key ICT risk management enablers, maturity and business value
• Assess and document the enterprise and project ICT security risks.
• Maintain in-depth expertise in suitable security technologies and products.
• Perform Business Impact Assessments
• Perform Vulnerability Assessments
• Design and determine potential solution options
• Assess solutions proposed by vendors.
• Assess suitability of security technologies to particular security solution architectures.
• Ensure all offerings proposed by vendors meet ICT security policy and requirements
• Provide recommendations on the best approach to meet business needs.
• Define, schedule and provide indicative costs for the required sets of business and ICT initiatives.
• Make other relevant recommendations and perform other related duties as requested
• Assess general ICT controls using industry frameworks like (COBIT)

Requirements:
 

• The successful candidate is expected to have experience in a role providing enterprise IT risk & security advice within the context of a large organisation and having that advice acted upon
• Highly developed skills in establishing and managing internal customer relationships including the ability to understand the customers' strategic risk management goals and requirements and translate these into credible project outcomes for all stakeholders.
• Demonstrated ability to engage project and business resources and achieve a transparent understanding of the ICT risk issues
• Extensive experience in the application of ICT risk assessment and management processes for complex systems
• Experience in projects involved with Services Oriented Architecture, Enterprise Content Management Systems, Electronic Document Management Systems, Enterprise Resource Planning Systems is desirable but not mandatory.
• While not a requirement, an industry qualification such as a CISSP, CISM, CRISC, SANS GIAC, etc., would also suggest an appropriate level of competence.

 Thank you for reviewing this opportunity. If of interest, please apply now or contact Mats Rorvik on 07 3221 3333 for more information.