Information Security Officer

• Shape the cybersecurity strategy and resilience from the ground up.
• Use cutting-edge tools like SIEM, EDR/XDR, and CASB to stay ahead of threats.

• Provide expert advice to ICT and business stakeholders to strengthen the organisation's security posture.
• Support the development and continuous improvement of the information security governance framework, including policies, standards, and procedures.
• Ensure security controls are implemented, monitored, and aligned with internal policies, regulatory obligations, and audit requirements.
• Conduct threat hunting, forensic investigations, and integrate findings into governance, risk, and compliance (GRC) reporting.
• Participate in enterprise risk assessments and perform control testing to evaluate and mitigate information security risks.
• Lead vulnerability assessments and penetration testing, and recommend remediation strategies aligned with the organisation's risk and security objectives.
• Conduct third-party risk assessments and support vendor security reviews during procurement and on boarding processes.
• Investigate and implement emerging technologies and practices to enhance security capabilities and resilience.
• Promote a culture of compliance and accountability through the delivery of security awareness and education programs.
• Manage and enhance the information security incident response process, including post-incident reviews and continuous improvement.
• Provide cybersecurity and GRC input in project planning, delivery, and business decision making forums.
• Conduct gap assessments against the WA Cyber Security Policy and ensure alignment with the Essential Eight Maturity Level 1.
• Establish and maintain governance frameworks, security guardrails, and operational risk registers.
• Maintain and uplift security policies, guidelines, and documentation to reflect evolving threats and compliance requirements.

• A tertiary qualification in a relevant discipline.
• Proven experience in information security and Governance, Risk & Compliance (GRC).
• Hands on expertise in incident response, infrastructure hardening, and day-to-day security operations.
• Familiarity with tools such as SIEM, DLP, EDR/XDR, CASB, and threat intelligence platforms.
• A strong understanding of key standards and frameworks, including ISO 27001, PCI-DSS, NIST, ASD Top 8, the Privacy Act, and APRA CPS 234.
• Knowledge of secure software development practices and common application vulnerabilities (e.g. OWASP Top 10).
• Solid technical knowledge of Windows and Linux environments, as well as networking protocols across the OSI model.
• Experience conducting security assessments, audits, and implementing security technologies.
• A good grasp of risk management principles and compliance frameworks.
• Strong analytical and problem-solving skills, with the ability to think critically and act decisively.
• Excellent communication skills and the ability to engage effectively with both technical and non-technical stakeholders.
• A flexible, team-oriented attitude with the ability to step into technical tasks when needed.

• Flexible working arrangements.
• The opportunity to be part of a mission-driven organisation making a meaningful impact across Western Australia.
• A dynamic and collaborative environment with room to grow and develop your career.
• A chance to shape and influence the future of the organisation's information security landscape.

Michael Page