We have an exciting and challenging opportunity available for an experienced GRC Security Lead to be part of a close-knit, cross-fields multidisciplinary team. Working in a fast-paced environment in a collaborative team with broad skillsets, you will be involved in a broad portfolio of programs primarily in Defence, ensuring the delivery of secure, compliant and accredited systems. The role will see delivery of projects across both on-premise and hyperscale cloud platforms, along with any associated Partner systems interconnection.
- Engagement with key stakeholders including internal project management, Certification Authority representatives, security service providers, other internal IT security personnel and business owners to tailor the scope of responsibility and approach to delivering security controls, artefacts, risk identification and assessment, security testing for deployed security controls and responsibility for risk treatment recommendations
- Consideration of and alignment with project schedules such that the certification and accreditation effort supports the business requirement to operate the subject system(s)
- Identification, validation and or advocacy for security requirements (functional or non-functional) and dependencies associated with system delivery, transition into service or ongoing sustainment
- Development of an Accreditation Plan detailing the elements above with the necessary activities, artefacts and stakeholder contributions required to complete the certification and accreditation process for assigned projects. This includes authoring of the System Security Plan (SSP), System Risk Management Plan (SRMP), IRP (Incident Response Plan), CMP (Continuous Monitoring Plan), BIL (Business Impact Level), and other accreditation documentation as appropriate.
- Ownership for the execution of the Accreditation Plan with reporting as required by the business, project, Certification Authority or other interested stakeholders
- Handover of all completed artefacts to operational groups for ongoing sustainment of the accredited system.