Data Security Analyst at New South Wales Government

Sydney, New South Wales, Australia -

Full Time

Start Date

Immediate

Expiry Date

19 May, 26

Salary

0.0

Posted On

18 Feb, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Data Security, Information Assurance, Data Protection, Technical Safeguards, Secure Configuration, Encryption, Tokenisation, Masking, Data Loss Prevention, DLP Policies, Access Control Models, RBAC, Key Management, Data Discovery, Data Classification, Security Awareness

Industry

Law Enforcement

Description

Guiding the future of NSW education Position details: Clerk Grade 7/8 Ongoing, full-time opportunity Close to Wynyard station & hybrid work arrangements available About us At the NSW Education Standards Authority (NESA), we are dedicated to carrying out meaningful work that drives improvements and elevates student achievement across NSW, now and into the future. We accomplish this by supporting all school sectors with high-quality syllabuses, assessment (including managing the HSC and NAPLAN), teaching standards (e.g., accrediting teachers) and school environments (including setting and monitoring school standards). NESA is a unique organisation in NSW (of around 740FTE staff) with significant state-wide impact, visit our website to learn more about the important work we do. About the role Are you ready to protect our information and drive security forward? At NESA, join our newly established Cybersecurity, Information Assurance, and Data Protection team and play a key role in safeguarding critical information across the organisation. As a Data Security Analyst, you will play a key role in protecting sensitive information and ensuring compliance with data security standards across the organisation. This role is responsible for implementing and managing technical safeguards, maintaining secure configurations, and ensuring compliance to protect critical data assets across their lifecycle, including secure retention and disposal practices. This is an exciting opportunity for someone who thrives on balancing service delivery with strong security practices, while working collaboratively with ICT, data governance, and privacy teams. On a day-to-day basis you will be responsible for: Designing and implementing technical data protection controls such as encryption, tokenisation, masking, and secure data transfer in collaboration with ICT and vendors. Ensuring secure configuration and monitoring of storage, backup, and archival systems with ICT and other record management practices across different BUs. Defining and supporting Data Loss Prevention (DLP) policies for endpoints, cloud services, and email, coordinating deployment across the business. Providing guidance on access control models (RBAC) to promote least privilege principles. Collaborating with Identity and Access Management to integrate data access controls with enterprise identity systems. Advising on encryption practices for data at rest, in transit, and in use, including standards-aligned key management. Monitoring data security telemetry, supporting investigations of suspicious activity, and assisting with remediation strategies. Supporting the deployment of data discovery and classification tools to govern sensitive data, aligned with regulatory and organisational requirements. Supporting data protection efforts by leading security awareness initiatives focused on safe data handling. Supporting records and information management objectives by contributing to data and information assets’ visibility, aligning classification with retention and disposal requirements, and embedding secure lifecycle practices across business processes. Contributing to awareness, communication, and uplift initiatives that promote safe and compliant information management practices across the organisation. Our ideal candidate will have: The ability to balance service delivery demands with robust security practices in a dynamic environment. Strong organisational skills to manage conflicting and changing priorities while meeting service standards. Current knowledge across a range of technical and security streams to provide expert advice. An understanding of data protection technologies such as encryption, tokenisation, masking, and secure transfer methods. Experience with data discovery, classification, and governance practices to protect sensitive data. Knowledge of compliance frameworks such as ISO 27001 and relevant privacy legislation. An understanding of records and information management principles, including data and information asset registers, retention and disposal requirements, archival controls, and alignment with organisational recordkeeping obligations would be highly desirable Essential Requirements Tertiary qualifications in a relevant field or equivalent experience. A valid Working with Children Check (WWCC) clearance for paid employment (prior to commencement, not required at application) Note: A current NSW Working with Children Check (WWCC) clearance for paid employment is required before commencing in this role. It is not required at the application stage. The cost of the WWCC clearance is the responsibility of the successful applicant. Download the role description. At NESA you will benefit from: An organisation where your contribution has a big impact. An enviable CBD location (all modes of transport nearby, and excellent coffee and eateries) with refurbished offices. Flexible working arrangements and generous leave entitlements. Access to discounted health and fitness memberships via Fitness Passport, an employee assistance program and annual flu vaccinations. Salary packaging options. Working in a purpose driven and ethical organisation with committed colleagues. Ready to join us? Select apply and attach an up-to-date résumé (maximum 5 pages) and a cover letter (maximum 2 pages). Also address the 2 targeted questions below in your online application: Describe a situation where you identified a potential breach of data security or a compliance issue. How did you act to address the issue while maintaining professional integrity, and what did you learn from the experience? Provide an example of when you had to analyse complex technical information and communicate your findings to non-technical stakeholders. How did you ensure your recommendations were understood and implemented effectively? Advice on applying for NSW Public Sector roles If you need reasonable adjustments for the recruitment process and workplace, please reach out to the contact person above. Close date: Wednesday 4 March at 11.59pm AEST Thank you for your interest, we look forward to receiving your application. Important information NESA’s Statement of Commitment to Child Safety All children and young people have the right to be respected, feel safe, be safe, and protected from harm. NESA is committed to child safety and child safe practices underpinning our purpose of helping children and young people leave school, ready to take advantage of life’s opportunities and rise to its inevitable challenges. We particularly welcome applications from Aboriginal and Torres Strait Islander people, people with disability, people of all ages, genders, cultural and linguistic backgrounds and the LGBTQIA+ community. Visa sponsorship is not available for this position. For ongoing roles, you must be an Australian or New Zealand citizen or an Australian Permanent Resident. Australian Temporary Residents may be considered for a fixed term contract for the length of their visa, depending on the requirements of the hiring area and the position. A Talent Pool (valid for 18 months) may be created for future ongoing and temporary roles.

Responsibilities

The analyst will implement and manage technical data protection controls like encryption and tokenization, while defining and supporting Data Loss Prevention (DLP) policies across endpoints, cloud services, and email. Responsibilities also include monitoring data security telemetry, supporting investigations, and contributing to data discovery and classification efforts.