Job Description

About Us

IAG Defence & National Security (DNS) is part of IAG, a specialist advisory firm supporting complex infrastructure, Defence and national security programs across Australia.

Our DNS team works closely with Commonwealth agencies and industry partners to deliver specialist expertise into nationally significant programs. Our success depends on our ability to identify, engage and mobilise highly specialised talent quickly and effectively. IAG is recognised as Veteran Friendly Employer under the Veteran Employment Program.

The Role

The Cyber Security Assessor is an experienced Cyber Security Assessment and
Authorisation practitioner who supports the IC3 SPO Senior Cyber Security Manager,
CAF16 Managers and IC3SPO Leadership in delivering against and fulfilling their
cyber security obligations.

The role is embedded within the CAF16 team in IC3 SPO delivery environments
while operating independently under delegated technical authority from the Cyber
Security Assessments and Authorisation (CSAA) Directorate, Defence Cyber and
Information Assurance Branch (DCIAB).

This role is responsible for the conduct of following tasks and activities:

Assessment and Authorisation:

1. Provide System Assessment and Authorisation activities as directed by the IC3
SPO Senior Cyber Security Manager;

2. Conduct system Assessment and Authorisation activities in accordance with:

• ASD Information Security Manual (ISM);
• Protective Security Policy Framework (PSPF);
• Defence Security Policy Framework; and
• CSAA Charter, assessment methodology, templates, and guidance

3. Perform security assessments using Operational Effectiveness Reviews (OER) as
the default approach, with Design Effectiveness Reviews (DER) conducted where
justified;

4. Audit the effectiveness of system security controls implemented across IC3 SPO
capability systems;

5. Develop and deliver assessment artefacts including:

• Security Assessment Reports (SAR);
• ATO briefs; and
• Risk statements and recommended remediation actions.

6. Risk Identification and Analysis:

• Identify, analyse, evaluate, and escalate cyber security and business risks

• Identify and assess vulnerabilities associated with:

a. Security exceptions;

b. Software defects; and

c. Architecture or design weaknesses

• Assess system security architecture and services using structured threat modelling
  methodologies;
• Protect the Confidentiality, Integrity, and Availability (CIA) of Defence information
  and systems Governance, Compliance, and Assurance;
• Review system security documentation, policies, and procedures to ensure alignment with Defence and Australian Government requirements;
• Ensure system compliance with mandatory cyber security requirements;
• Support configuration governance processes including the Change Advisory
  Board’s (CAB) and provide assessment input with risks, mitigations and options for
  the executive authority (EA) to accept; and
• Maintain Objective Quality Evidence (OQE) and all assessment artefacts in
  approved CSAA repositories and submit outputs for CSAA peer review and audit as
  required.

7. Advisory and Stakeholder Engagement:

• Provide cyber security advice within the defined assessor scope of CAF16 and
  IC3SPO;
• Support IC3 SPO and CASG in understanding and mitigating cyber security risks
  impacting capability delivery and operations;
• Build and maintain effective working relationships with:

a. IC3 SPO system and sustainment teams;

b. Integrated delivery teams; and

c. Operational and security stakeholders.

About You

Qualifications for this role:

• Demonstrated qualifications and/or professional experience assessed as suitable
  for eligibility to obtain DCIAB – CSAA endorsement as a Cyber Security Assessor,
  including (but not limited to) CISSP, CISM, ISO 27001 Lead Auditor, and IRAP
  accreditation.
• Knowledge/experience of air C2 systems/applications and/or Defence specific
  systems/applications;
• Time management skills;
• Project management experience;
• Effective writing, communication and interpersonal skills;
• Ability to work in a team;
• Understanding of modern networking, computers and operating systems;
• Two or more years acquisition or project management experience in public
  sector, Defence and/or Capability Acquisition and Sustainment Group (CASG); and
• Current NV1 clearance or higher.

Chain of Command - This position reports to the CAF16 Senior Cyber Security Manager (2nd level)
through the CAF16 ICT Security Manager (1st level).

Subordinates - There are no immediate subordinates of this position.

What we offer

With offices in Perth, Brisbane, Melbourne, Sydney, and Canberra, we’re a tight-knit team, working across some of Australia’s most critical infrastructure and Defence projects. We come from diverse backgrounds and pride ourselves on our flexible, supportive and collaborative team culture. We can offer great work, great people, great culture, great conditions, and an all-round great time, whilst you go about developing a great career in this space.

As part of IAG, you’ll be joining a team of more than 250 professionals’ working across a range of integrated workstreams in a friendly and approachable environment.