Senior Governance, Risk and Compliance Advisor
Datacom
- Canberra, ACT
- Permanent
- Full-time
- Ability to engage with different people, processes and technologies.
- Should be comfortable in front of a customer in delivery of consulting with some understanding of technologies.
- Always seeking improvement in themselves and within aspects of delivery.
- Open-mindedness and the ability to take on board risk mitigation options from various stakeholders.
- Able to see the bigger picture and understand that a risk can be mitigated in various ways through various methods.
- Able to work independently or as part of a team, and to share knowledge.
- Identify, develop and implement Security processes, standards and policies
- Work closely with our internal business units to ensure the application of security controls that meet Datacom and business requirements, and align to the Datacom Information Security Plan
- Work closely with our internal business units and clients to ensure adherence to Information Security Manual (ISM) and The Protective Security Policy Framework (PSPF)
- On-going auditing, monitoring and improvement of security controls, including the development of Threat and Risk Assessments (TRA), System Security Plans (SSP), and Security Risk Management plans (SRMP).
- ISO27K framework and knowledge of building and running an Information Security Management System (ISMS)
- Providing guidance, education, and training to ensure adherence and compliance (people, processes, and technology)
- Extensive experience in information security, audit, assurance, governance, risk or compliance, and a sound understanding of information security principles, policies and standards
- Previous experience with stakeholder engagement with a strategic focus
- Experience with and good understanding of IRAP
- The GRC Advisor must have a detailed knowledge of agency-specific and Australian Government protective security policy, principles, and minimum standards, and be provided with opportunity to maintain this knowledge
- Understanding of contract deliverables and obligations
- Some technical knowledge to make informed decisions about business risks from vulnerabilities
- Ideally, you will be industry certified and may even hold a CISSP, CISM, MS or equivalent certifications.
- Experience in developing and administering an information security program (desirable).