Security Analyst

Description

• 9 month contract
• Key initiative
• Brisbane CBD

As part of the implementation of the Cybersecurity Strategy and the new QGCIO Information Security Policy, the Department of Education and Training has decided to implement an ISO27001 based Information Security Management System (ISMS) and as such requires assistance in the development and implementation of this initiative.

The following tasks will be part of the role:

• Understanding the application of an Information Security Management System in the context of ISO 27001
• Deep understanding of the concepts, approaches, standards, methods and techniques required to effectively manage an Information Security Management System (ISMS)
• Understanding the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organisation
• Demonstrated expertise to support an organisation in implementing, managing and maintaining an ISMS based on ISO27001
• Ability to liaise with and support multiple teams implementing the ISO27001 standard
• Proven knowledge and skills required to advise organisations on best practices in management of information security
• Capacity to analyse and provide outcomes in the context of information security management

What you will need?

• Demonstrated experience with investigative work to determine security analytics and specify effective business processes, through remediation action plans in information systems, information management, procedures and organisational change that is specific to ICT Security.
• Demonstrated well-developed communication, interpersonal and writing skills, including the demonstrated experience in conducting analytics, documenting security posture and reporting to executive bodies.
• Demonstrated experience in identifying and validating multiple requirement types such as Business, systems, configuration and concepts.
• Demonstrated ability to analyse network environments, which will require gap analysis for security testing and vulnerability scanning.
• Demonstrated experience and practical understanding of ICT Security principles, ISO27001, Web Application Firewalls, QGCIO Information Standards, ICT networks and vulnerability assessments.

This role closes Monday 18th September 2017. For further information, contract Graham Eather or Alfred Sinisa.