Cyber Sec Gov & Risk Analyst

at  University of New South Wales

Job no: 525766
Work type: full time
Location: Sydney, NSW

Categories: Information Technology, Cyber

• Employment: Full time (35 hours per week)
• Duration: Continuing
• Remuneration: Excellent salary package including leave loading and generous superannuation
• Location: Based in Kensington, Sydney (hybrid working available)

SKILLS AND EXPERIENCE

• A minimum of 2-3 years of experience in cyber security governance, compliance, risk management or cyber security operations within major organisations.
• Sound understanding of control assurance testing / auditing as well as identity and access management principles.
• Well-developed knowledge of cybersecurity principles and practices.
• Ability to present with credibility and translate technical and complex information concisely for diverse audiences using strong analytical and problem-solving skills.
• Strong negotiation and influencing skills to effectively manage key stakeholders, build robust relationships and work with a diverse set of business and technology people across the university and third-party vendors.
• Experience with industry-wide security standards and compliance frameworks such as ISO/IEC 27001, NIST CSF, COBIT 5 etc.
• Relevant industry certification(s) such as CSX, CRISC, CISA, CISSP, ISO/IEC 27001 Lead Implementer/Auditor, AWS, Google, Microsoft Technology (highly desirable).
• Demonstrated high level of personal motivation, resilience, and ability to work effectively individually or in teams.
• An understanding of and commitment to UNSW’s aims, objectives and values in action, together with relevant policies and guidelines.
• Knowledge of health & safety (psychosocial and physical) responsibilities and commitment to attending relevant health and safety training.
  More Information
  To Apply: If this is of interest to you, please submit your CV, Cover Letter and responses to the Skills and Experience.
  Applications close: Tuesday 9th of July at 11.30pm

• Maintain cyber security policies and standards, periodically review, update, and align them with the overall policy framework and manage exemptions.
• Maintain and operationally deliver cyber security controls assurance services designed to assess whether key controls are operating effectively and consistently, including auditing of internal cyber security controls; risk assessment of 3rd party/supply chain risk exposure; and penetration testing of ICT systems and infrastructure.
• Maintain and administer a quantitative (value-at-risk) threat model relevant to the reporting of UNSW’s major cyber security threats and key controls.
• Maintain cyber risk register, socialise the risks to the relevant teams and administer the completion of risk treatment and policy compliance initiatives.
• Administer, and operationally deliver cyber security policy risk and metrics reporting using metrics dashboard to drive compliance.
• Coordinate and support the independent audit of cyber security controls on behalf of the University, including statutory audits completed by the Audit Office of NSW.
• Maintain and administer the cyber security awareness and training initiatives.
• Maintain awareness of legal, regulatory compliance and contractual obligations that are relevant to the University’s management of cyber security risk.
• Maintain an awareness of the University’s internal and external environment for emerging threats and advise the Head of Cyber Security Operations as appropriate.
• Escalation of significant security issues and risks as appropriate.
• Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the health and safety of yourself or others.
  • Align with and actively demonstrate the UNSW Values in Action: Our Behaviours and the UNSW Code of Conduct. • Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the psychosocial or physical health and safety of yourself or others.