Cyber Security – Access and Compliance Lead

11 Nov 2024
Territories, Canberra 00000 Canberra USA

Vacancy expired!

Job Description

About your new role:

You will provide services to co-define (in conjunction with the client), document and oversee implementation of secure Access Management practices across the client.

You will provide governance, risk management and support for the day-to-day operations of the Access Management program, in addition to the continual improvement of security outcomes through projects and Business-as-usual (BAU) activities. This opportunity is pivotal in ensuring the ongoing ICT security accreditation for a major program delivering ICT infrastructure, and will also assist and monitor compliance of operational teams with these practices and processes.

In addition, the role will establish a small team of technical experts to provide specialist technical advice and support across a range of Access Management technologies and toolsets.

In addition to the Access functions, the role will support the GRC outcomes of the Security team to assist with ensuring compliance with the applicable Information Assurance (IA) frameworks, policies, and standards (with particular focus on the Information Security Manual (ISM) and Defence Security policies).

Duties include, but not limited to:

  • The creation, maintenance and implementation of the relevant security governance and compliance policies and plans will be a core focus, along with compliance monitoring of service delivery areas and Security advice;
  • Work with the client to revisit and redefine Access Management processes, automated job logging systems and drive implementation of automation of actions on sensitive accounts;
  • Build a team to assist existing AD and LDAP technicians to remediate known gaps and drive continual improvement;
  • Develop, implement and maintain security governance, including security frameworks, policies, and standards, for a major ICT infrastructure program in accordance with Information Security Manual and Defence Security Manual;
  • Develop, implement and maintain the Security SOPs and SSPs supporting certification and accreditation for the service being delivered;
  • Liaise with service delivery areas, client management and client security areas to ensure security processes are effective and have been implemented in the Service Delivery areas;
  • Conduct routine audits to validate the certification and conformance readiness state to achieve System Certification and Accreditation;
  • Lead identification, implementation and review of the full range of I&A measures to ensure certification and accreditation is maintained in a complex environment.
  • Enhance current infrastructure, evaluating new controls and making recommendations for their implementation to improve security;
  • Support project implementation and working with both the business IT teams & subject matter experts;
  • Engage with stakeholders to investigate and remediate audit findings.

What you'll bring

  • Experience in developing, implementing and running Access management functions in complex organisations;
  • Hands-on or technical security compliance audit experience across a range of platforms including networks, Windows, Unix and Linux in a Government context;
  • Experience with implementing or running Privileged Access management systems and solutions
  • Experience in advising, defining and/or implementing Role Based Access frameworks
  • Excellent knowledge of Australian Government security requirements and preparing for undertaking System Assessments, Certifications and Accreditations
  • Experience or demonstrated knowledge in applying policy and compliance assessment at a technical level across networks, Windows and Unix/Linux environments.

Qualifications

Highly Desirable

  • Bachelor's Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience and specialised training commensurate with assignment;
  • Applicable certifications, such as ITIL (Access management/Security Management), CISSP, CISA, CISM;
  • Current iRAP, or the desire and ability to become iRAP, is an advantage;
  • Must hold a minimum of NV1 OR NV2 clearance to be considered.

Additional Information

This role will require the successful applicant to be an Australian Citizen with a current NV1 and ability to obtain NV2.

At Leidos, we’ve built our business on the ability to Redefine Possible and the same applies to your career. We proudly embrace diversity and support our people at every stage of their Leidos journey in terms of inclusion, accessibility and flexibility. We look forward to welcoming you.

For more information, visit www.Leidos.com
