Cyber Security Advisor – Government Systems

About the role

CanIComply is seeking a Cyber Security Advisor to provide ICT security advice to Australian Federal Government clients, focusing on system authorisation and cyber risk management. You will work with Cyber Security Division teams to develop and maintain security artefacts and support complex ICT environments.

Key responsibilities

• Develop, review and maintain security artefacts such as Security Risk Assessments, POA&Ms and System Security Plans to achieve and sustain Authority to Operate (ATO).
• Identify, test and assist with implementation of security controls aligned to PSPF, ISM and ISO 27001/2 standards.
• Analyse and document security risks, recommend treatment options based on current threat trends and attack techniques.
• Manage stakeholder relationships, communicating security concepts clearly to both technical and non‑technical audiences.
• Maintain service levels, support policy and procedure development, and drive continuous improvement of security services.
• Provide security awareness and education to departmental staff.

Required profile

• Extensive experience with risk and information security frameworks, policies and standards, including PSPF, ISM and ISO 27001/2.
• Proven experience in security risk assessment and authorisation artefact development for achieving ATO.
• Experience working in complex ICT environments, preferably within Federal Government or large organisations.
• Strong stakeholder management and ability to convey security concepts to non‑technical audiences.
• Awareness of global cyber security trends, attack vectors and techniques.

Required skills

• Risk assessment and analysis
• Security controls implementation (PSPF, ISM, ISO 27001/2)
• System authorisation and ATO processes
• Azure security concepts
• Development of Security Risk Assessments, POA&Ms and SSPs