We have an ongoing opportunity for a Governance, Risk & Compliance (GRC) and Vulnerability Management (VM) Manager to join our team delivering comprehensive cybersecurity services to support the Australian Defence Forces.
This role requires an understanding of the needs of the end user, the ability to provide cyber security assurance and advisory services in a secure environment and has scope for you to improve the customer’s operational capabilities. You will head the GRC and VM areas for our customers networks and be responsible for ensuring compliance with the applicable Information Assurance (IA) frameworks, policies, and standards with particular focus on the Information Security manual (ISM) and Defence Security Principles Framework (DSPF). You will also be supporting cyber security risk management activities, including the assessment and mitigation of vulnerabilities exploitable by relevant threats. Your responsibilities will include the following:
- Support the customer in the ongoing governance of the cyber security services across multiple networks.
- People leadership and management of the GRC and VM teams.
- Accountability for the GRC and VM functions and delivery of artefacts.
- Perform and investigate internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status and secure baselines, reporting on compliance to the customer.
- Implement risk management framework including the management of the Cyber Security Risk Register, ensuring documented and sustainable compliance that aligns and advances the environments.
- Evaluates risks to develop and implement security standards, procedures, and controls to manage risks.
- Quality assure GRC components of artefacts, reports, and other outputs.
- Review and update policies, standards and processes for accuracy, completeness, and currency.
- Improve the security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Conduct day to day reviews of operational security challenges and provide input into change control.
- Assessment, ongoing reporting and tracking of vulnerabilities to ensure stakeholders understand the associated risks, gaps and remediation activities required. This is to be completed in collaboration with Industry partners.
- Management of ongoing accreditation for the networks including routine document reviews, development and/or review of supporting artefacts such as SRMP, SSP, SSP-A, SOPS, etc.
- Professional development of team members; and
- Management of multiple stakeholders.
