Security Analyst

About the role

The Security Analyst will apply deep knowledge of Australian Government cyber security standards to assess, authorise, and document ICT systems. Working within a Defence‑aligned department, the role involves close collaboration with project teams and stakeholders to ensure security controls meet statutory requirements.

Key responsibilities

• Provide contextual security advice to projects, ensuring controls align with PSPF, DSPF, ISM and other relevant standards.
• Develop, maintain, and manage system security documentation throughout pre‑assessment and assessment phases.
• Review system documentation, assess changes against approved baselines, and produce security assessment reports.
• Support governance by reviewing system changes, updating processes and policies, and contributing to risk management activities.

Required profile

• Relevant industry information systems security certification (e.g., CISSP, CISM).
• Detailed understanding of PSPF, DSPF, ISM and ISO 27001.
• Experience in ICT information security or security architecture, preferably with communications network systems.
• Ability to obtain and maintain a NV1 security clearance.

Required skills

• PSPF (Protective Security Policy Framework)
• DSPF (Defence Security Policy Framework)
• ISM (Information Security Manual)
• ISO 27001
• IRAP certification or experience with the IRAP program
• Cloud certification and accreditation in an Australian Government context
• ICT security risk management methodologies