As an ICT Security Specialist, you will be responsible for designing, implementing, and managing the organisation's ICT security framework. Additionally, your key role involves developing comprehensive security measures and recovery strategies to safeguard the organisation from various security threats, both internal and external, fulfilling the roles of Business Continuity Officer and Physical Security Officer, ensuring a holistic approach to security and continuity planning within the organisation. You will also be responsible for conducting risk assessments, implementing controls, and developing mitigation strategies. You will play a pivotal role in:
• Developing and enforcing security policies and procedures to safeguard the organisation’s information systems and data.
• Conducting regular security assessments and audits to identify vulnerabilities and implement appropriate security measures.
• Monitoring and managing security incidents and breaches, ensuring timely and effective responses to mitigate risks.
• Overseeing security solutions such as firewalls, intrusion detection/prevention systems, and encryption protocols.
• As part of the IT team, collaborating to ensure that security controls are integrated into the system development lifecycle and BAU processes.
• Providing training and awareness programs for employees to enhance their understanding of security policies, procedures, including business continuity.
• Ensuring compliance with relevant security standards and regulations, including conducting risk assessments (cyber and IT), and developing mitigation strategies for in-house and 3rd Party Providers.
• Conduct regular physical security assessments and collaborate with facilities management to ensure the security of all employees and physical assets.
• Coordinate with internal stakeholders to ensure alignment of business continuity plans with organisational strategies.
Key Responsibilities:
• Implementing security policies, guidelines, procedures and controls.
• Ensuring compliance with group information security framework, industry standards, regulatory and contractual requirements.
• Responding to security assessments and audits (internal and external).
• Developing and maintaining proactive measures and recovery plans to address potential security threats.
• Liaising with security vendors, suppliers, service providers, and external resources; analyzing, recommending, installing, and maintaining software security applications; and monitoring contractual obligations, performance delivery, and service level agreements.
• Managing and responding to security incidents and breaches.
• Providing security training and awareness programs, working closely with internal teams to foster a culture of security awareness and adherence to protocols.
• Conducting physical security assessments, assuring the safety of employees and IT assets (hardware, software and data).
• Developing and implement business continuity management plan, following group security frameworks.
• Reporting on critical Information Security KPI’s and KRI’s.
• Collaborating with IT teams to integrate security controls.
• Implement and maintain security solutions supported by the Group.
• Reporting to risk and compliance team and business partners on security status and compliance.
• Ensuring compliance with PCIDSS, ISO27001, CPS234/232 & 230, Privacy Act 1998 among others.
• Complying with EA fraud and corruption fight policies (to act honestly and with integrity) and to report any suspected incidents of fraud and corruption.
• Adhering to Company Policies and Procedures, including Health & Safety, Equal Opportunities, Data Protection, Code of Conduct, Security, IT, and Internal Control Financial Regulations.
• Continually surveying the current perimeter to determine future network and security needs and making recommendations for enhancements in the implementation of future infrastructure, solutions and security tools.
• Supporting on the execution of tasks that may reasonably be allocated by your Manager/Company’s Senior Management Team and Regional CISO.
Qualifications and Skills:
• Bachelor's degree in Information Technology, Computer Science, or a related field.
• A Master's degree in a relevant discipline is highly recommended.
• Relevant information security certification.
• Demonstrated experience with Qualys for vulnerability management.
• Proficiency with Microsoft Defender, Microsoft 365, and endpoint security.
• Experience with Expander software and Palo Alto Firewalls.
• Expertise in MISP software for Threat Information.
• Experience conducting 3rd Party Assessments and utilizing TPS tools.
• Proficiency in Archer software for Risk Management.
• Experience with HOPEX for IT Asset Management.
• Strong understanding and experience in cloud environment architecture and security.
• Experience in developing documentation to meet APRA regulatory and audit requirements.
• Proficiency in network configuration and management.
• Experience with Genesys telephony system, infrastructure, and security.
• Proficiency in Zendesk tool, configuring flows, triggers, and security controls.
• Expertise in Data Retention Policies and implementation on various systems.
• Proven experience in ICT security management and administration, with a comprehensive understanding of risk management and security best practices.
• In-depth knowledge of security frameworks, standards, and best practices, including NIST, ISO27001, and PCI DSS.
• Proficiency in conducting comprehensive security assessments to identify vulnerabilities, threats, and risks.
• Experience performing risk assessments and developing control and mitigation strategies.
• Experience in developing and implementing business continuity plans.
• Demonstrated project management experience.
• Excellent analytical and problem-solving skills.
• Effective communication and interpersonal skills, with the ability to collaborate effectively with various stakeholders.
• Ability to work independently and as part of a team.
• Exceptional verbal and written communication skills.
• Ability to lead and adapt in an environment of change.
Salary Range: $85,000-100,000/year
Job #L84X5W53
• Developing and enforcing security policies and procedures to safeguard the organisation’s information systems and data.
• Conducting regular security assessments and audits to identify vulnerabilities and implement appropriate security measures.
• Monitoring and managing security incidents and breaches, ensuring timely and effective responses to mitigate risks.
• Overseeing security solutions such as firewalls, intrusion detection/prevention systems, and encryption protocols.
• As part of the IT team, collaborating to ensure that security controls are integrated into the system development lifecycle and BAU processes.
• Providing training and awareness programs for employees to enhance their understanding of security policies, procedures, including business continuity.
• Ensuring compliance with relevant security standards and regulations, including conducting risk assessments (cyber and IT), and developing mitigation strategies for in-house and 3rd Party Providers.
• Conduct regular physical security assessments and collaborate with facilities management to ensure the security of all employees and physical assets.
• Coordinate with internal stakeholders to ensure alignment of business continuity plans with organisational strategies.
Key Responsibilities:
• Implementing security policies, guidelines, procedures and controls.
• Ensuring compliance with group information security framework, industry standards, regulatory and contractual requirements.
• Responding to security assessments and audits (internal and external).
• Developing and maintaining proactive measures and recovery plans to address potential security threats.
• Liaising with security vendors, suppliers, service providers, and external resources; analyzing, recommending, installing, and maintaining software security applications; and monitoring contractual obligations, performance delivery, and service level agreements.
• Managing and responding to security incidents and breaches.
• Providing security training and awareness programs, working closely with internal teams to foster a culture of security awareness and adherence to protocols.
• Conducting physical security assessments, assuring the safety of employees and IT assets (hardware, software and data).
• Developing and implement business continuity management plan, following group security frameworks.
• Reporting on critical Information Security KPI’s and KRI’s.
• Collaborating with IT teams to integrate security controls.
• Implement and maintain security solutions supported by the Group.
• Reporting to risk and compliance team and business partners on security status and compliance.
• Ensuring compliance with PCIDSS, ISO27001, CPS234/232 & 230, Privacy Act 1998 among others.
• Complying with EA fraud and corruption fight policies (to act honestly and with integrity) and to report any suspected incidents of fraud and corruption.
• Adhering to Company Policies and Procedures, including Health & Safety, Equal Opportunities, Data Protection, Code of Conduct, Security, IT, and Internal Control Financial Regulations.
• Continually surveying the current perimeter to determine future network and security needs and making recommendations for enhancements in the implementation of future infrastructure, solutions and security tools.
• Supporting on the execution of tasks that may reasonably be allocated by your Manager/Company’s Senior Management Team and Regional CISO.
Qualifications and Skills:
• Bachelor's degree in Information Technology, Computer Science, or a related field.
• A Master's degree in a relevant discipline is highly recommended.
• Relevant information security certification.
• Demonstrated experience with Qualys for vulnerability management.
• Proficiency with Microsoft Defender, Microsoft 365, and endpoint security.
• Experience with Expander software and Palo Alto Firewalls.
• Expertise in MISP software for Threat Information.
• Experience conducting 3rd Party Assessments and utilizing TPS tools.
• Proficiency in Archer software for Risk Management.
• Experience with HOPEX for IT Asset Management.
• Strong understanding and experience in cloud environment architecture and security.
• Experience in developing documentation to meet APRA regulatory and audit requirements.
• Proficiency in network configuration and management.
• Experience with Genesys telephony system, infrastructure, and security.
• Proficiency in Zendesk tool, configuring flows, triggers, and security controls.
• Expertise in Data Retention Policies and implementation on various systems.
• Proven experience in ICT security management and administration, with a comprehensive understanding of risk management and security best practices.
• In-depth knowledge of security frameworks, standards, and best practices, including NIST, ISO27001, and PCI DSS.
• Proficiency in conducting comprehensive security assessments to identify vulnerabilities, threats, and risks.
• Experience performing risk assessments and developing control and mitigation strategies.
• Experience in developing and implementing business continuity plans.
• Demonstrated project management experience.
• Excellent analytical and problem-solving skills.
• Effective communication and interpersonal skills, with the ability to collaborate effectively with various stakeholders.
• Ability to work independently and as part of a team.
• Exceptional verbal and written communication skills.
• Ability to lead and adapt in an environment of change.
Salary Range: $85,000-100,000/year
Job #L84X5W53
