About the Company
This business is part of a leading Australian head-officed company and has a vacancy for an experienced Cyber Security, Risk and Compliance Officer.
Working in the office of the Global CIO, the Security, Risk and Compliance (SRC) Officer performs three core functions for the enterprise:
- Day-to-day monitoring of in-place security solutions via liaison with country IT Operations managers;
- Identification, investigation and resolution of security breaches detected by those systems;
- Identification, management and communication of business risk and compliance across the group.
Secondary tasks may include facilitating the implementation of new security solutions, participating with other Group SRCs in the creation and/or maintenance of policies, standards, baselines, guidelines and procedures, and conducting vulnerability audits and assessments. The SRC is expected to be fully aware of the enterprise's security and compliance requirements, for example PCI DSS and GDPR, and to actively work towards upholding them.
This role would be well suited to an operational security professional or consultant with at least 4 to 5 years' experience, looking to expand their skill-set and knowledge in a dynamic and fast growing business.
Strategy & Planning
- Participate in the planning and design of enterprise security architecture.
- Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures).
- Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan.
- Ensure a business risk profile is created and managed across the group.
- Ensure identified risks are communicated to business leaders with risk mitigation plans in place.
- Communication and upholding of compliance requirements within the business.
- Assisting technical leaders in the planning and design of enterprise security architecture.
- Stay current with future security trends and regulatory, legislative compliance and security policies.
Acquisition & Deployment
- Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Facilitate and manage the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.
- Identify and manage the IT risk reporting process across the business.
- Assist with the development and maintenance of configurations for all in-place security solutions as per the established baselines.
- Monitor all in-place security solutions for efficient and appropriate operations.
- Participate in investigations into problematic activity.
- Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
- Provide on-call support for end users for all in-place security solutions when required.
- Review group businesses' risk profiles and compliance set to ensure they meet standards and are updated when required.
Formal Education & Certification
- Tertiary qualifications in the field of computer science or information technology.
- One or more of the following certifications:
  - CompTIA Security+
  - GIAC Information Security Fundamentals
  - Microsoft Certified Systems Administrator: Security
  - Associate of (ISC)2
  - CISM or CISSP.
Knowledge & Experience
- Experience with the management and deployment of security solutions and products (Anti-virus, vulnerability management, etc.)
- Knowledge of regulatory and legislative compliance, standards and security policy, including enforcing and maintaining compliance with these. Examples include PCI DSS, GDPR and ISO27001.
- Experience engaging with executive and C-level stakeholders, including explaining risk and how it applies to their business (Preferred).
- Experience in risk management and reporting on risk.
- Strong understanding of IP, TCP/IP, and other network administration protocols.
- Strong understanding of Windows and Linux operating systems.
- General understanding of network appliances and security devices.
- Experience in engaging and managing vendors.
- Providing leadership in the security and risk discipline across the group.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Strong attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
- This role will report directly to the CIO and will indirectly report, from a discipline perspective, into the Group Global CISO and Enterprise Risk.
- 40-hour on-site work week with on-call availability
- This is a global role, so travel may be required.
Great package, culture and benefits, truly a best-practice organisation to work with.
To apply, click the link and upload your current resume in Word format. If you would like to have a confidential discussion, please contact Nicholas Leong or Gerry Deakin on 07 3023 1000, quoting ref no. JO-1803-87756. Want to know more about Davidson? Visit us at www.davidsonwp.com