Reporting to the Manager, Cyber Security Governance, the role supports the operational delivery of the Information Security Management System (ISMS) through the assessment of information security risk associated with ICT services and IT initiatives; measurement of the operational delivery and effectiveness of security controls; management of security remediation and enhancement activities; and timely and effective security incident management.
Information and Communications Technology (ICT) is the organisation's central IT department and is responsible for keeping the organisation connected through continuously improving the reliability and effectiveness of its information and communications technology.
- Manage the delivery and continuous improvement of the Information Security Management System (ISMS), including governance processes, information security policies, standards, procedures, and associated compliance tests. Lead the development and implementation of the information security framework by overseeing its key components, ensuring that it meets the needs of key stakeholders and information security objectives and is executed in a manner that supports full adoption.
- Assess the operational delivery and effectiveness of security controls as part of the information security compliance programme. Liaise with key senior stakeholders in the organisation, and provide high-level advice and guidance for remediation or improvement.
- Provide strategic and/or operational information security advice to clients and ICT stakeholders.
- Plan, develop and review major policies, objectives and strategies for the management of information security risk for the University.
- Identify and assess security risks, and recommend and document risk treatment actions, in respect of ICT services, solution designs and technology architectures.
- Report to the Manager, Cyber Security Governance on the status of information security management, progress on risk treatment activities, security incidents and policy exceptions.
- Promote an awareness of the University's internal and external environment for emerging threats and advise the Manager, Cyber Security Governance as appropriate.
- Take a lead role in the promotion of general awareness of information security risks on the part of consumers of ICT services, and how to manage organisational and individual risk exposure.
- Provide leadership and mentoring to the Cyber Security Governance Analysts, partnering with them on key projects to provide guidance and support in their roles and development.
The successful candidate will have:
- Extensive experience in cyber security governance focused on management of risk treatment actions, metrics and reporting.
- Demonstrated significant experience in management of cyber security awareness communications.
- Expert knowledge of the principles of control assurance testing / auditing.
- Expert knowledge of the principles of identity and access management.
- Expert knowledge of cybersecurity principles and practices.
- Excellent leadership skills, with the ability to provide thought leadership in cyber security and work as part of a team in a complex organisational structure and IT environment.
- Strong project, analysis, problem solving, and business relationship skills.
- Proven ability to present with credibility and translate technical and complex information concisely for diverse audiences.
- Well-developed interpersonal skills to effectively manage key stakeholders, build robust relationships and work with a diverse set of business and technology people across the University and third-party vendors.