About Us
Established in 1988, Rest is one of Australia’s largest profit-to-member superannuation funds.
We support nearly two million members, with around $75 billion of funds under management and are recognised as a responsible investment leader*. We believe when members understand and engage with their super, they’re more likely to get a better retirement outcome.
Everything we do at Rest is underpinned by our values and behaviours, we want to Be Daring, Keep it Simple, Take Action and Have Grit. To put it simply we want our people to thrive and love the work they do.
About the Job
The Information Security Cloud Analyst is responsible for safeguarding Rest’s cloud-based systems encompassing a broad range of activities including evaluating and mitigating risks, formulating cloud-specific security strategies, continuously watching for cyber threats, ensuring regulatory compliance, and responding to security incidents.
Additionally, the Information Security Cloud Analyst will create secure cloud designs and guardrails, educate employees on best practices, assess third-party vendors for security risks, maintain cloud security policies, and manage various cloud security technologies.
Key Responsibilities
- Design, deliver & monitor security controls in cloud platforms, with primary focus on AWS.
- Provide strategic security and risk guidance for cloud security and related projects, including the evaluation and recommendation of technical controls and platform architectural designs.
- Operate, enhance and evolve cloud-native and third-party SaaS cloud security tooling to assure security posture of the cloud platform meets internal and regulatory compliance requirements.
- Prioritise & ensure remediation of vulnerabilities identified through cloud security standards, policies & tools.
- Produce technical solutions and standard operating procedures for Security Operating Centre (SOC) to triage and respond efficiently to security events.
- Deliver knowledge transfer sessions across the business to uplift Cloud Security awareness to technical and non-technical stakeholders.
- Advise workload owners, developers & business partners to improve cloud security posture across cloud infrastructure, application & software delivery.
- Follow strict information security processes, plans and protocols in managing the life cycle of issues and incidents, which may include collaborating with internal stakeholders, vendors or third parties.
- Support the uplift of cyber incident management capabilities collaborating with information security governance, risk & operations
- Promote and reinforce security standards, policies and procedures ensuring ongoing compliance and, where gaps exist, develop plans for remediation.
- Participate in audits as required, collating, and providing information including closing out of audit issues.
