Job Description

Minimum qualifications:

• Bachelor's degree in Computer Science, Mathematics, a related technical field, or equivalent practical experience.
• 5 years of experience in customer-facing roles including interfacing with executive stakeholders and managing and delivering IT technical implementations or related initiatives.
• Experience in supporting enterprise customers in cloud professional services organizations, IT consulting, or program management organizations.

Preferred qualifications:

• Certification in IRAP qualifications or related Certified Auditor qualification such as SANS, ISO 27001, CRISC, etc.
• Experience with DISP Security Officer, PSPF and Security Construction and Equipment Committee (SCEC) training, or endorsed SCEC consultant.
• Excellent partner management, follow-through, resource management, attention to detail and communication skills.
• Australian Government Security Vetting Agency (AGSVA) Negative Vetting 2 (NV2).

About the job

As a Cloud Cyber Assessor for our sovereign cloud capability, you will be part of a team of cyber experts that will conduct cyber assurance activities for our private cloud services, data centers and underlying networks for critical customers in Australia. You will recommend cyber controls and evaluate systems according to the DSPF Principle 23 - Information and Communication Technology (ICT) Certification and Accreditation, the Information Security Manual (ISM), the Australian Cyber Security Centre (ACSC) guidelines, and the Protective Security Policy Framework (PSPF) and other contractual controls in key agreements. You will contribute to the identification of cloud related security and compliance design, development, deployment friction points and collaborate across teams to resolve them. You will help shape the Google Cloud security and compliance.

Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

Responsibilities

• Conduct cyber assessments aligned with Defence Security Principles Framework (DSPF), or Australian Cyber Security Centre (ACSC) and Information Security Manual (ISM) standards.
• Support the development and execution of comprehensive security authorisation plans (SAP), producing key documentation such as Security Risk Management Plan (SRMP), System Security Plan (SSP) and Annex, Incident Response Plan (CRP), Continuous Monitoring Plan (CMP), and risk assessments to achieve system authorisation.
• Engage directly with the government to build rapport and guide the customer on the assessment and authorization journey.
• Maintain contemporary knowledge of frameworks such as DSPF and DISP, ISM, PSPF and the wider regulatory landscape, while also maintaining knowledge on emerging threats and security technology.
• Perform the role of Defence Industry Security Program (DISP) Security Officer, supporting the maintenance of our DISP obligations.