Principal Analyst - Risk and Governance

Adactin, one of the fastest-growing companies in Australia and the APAC region, thrives on its solutions and services on INNOVATION. Our vision, combined with our experience in the market, has continuously allowed us to grow our expertise which is visible in our comprehensive portfolio. We innovate, strategize, consult and operate for organizations to achieve their business objectives through an array of our services in Software development, Testing services, Digital transformation, Enterprise solutions, and quality ICT training. Adactin is always committed to delivering with conviction and belief in our people. Seize the opportunity and advance your career in a dynamic environment to augment your growth and success.

Currently, we are looking for a "Principal Analyst - Cyber Risk and Governance” to work on significant energy projects for our esteemed client.

• Contract role
• Hybrid work Arrangement
• Sydney
• Australian Citizens are eligible to apply due to project requirement.

Responsibilities

Candidate must have one or more of the following certifications CISSP, CISM, CRISC, Comptia and other relevant industry certifications

Cyber Risk and Assurance

1. You will lead and perform complex cyber risk assessments across people, technology and processes and tracking risk management actions. You will apply your cyber risk management expertise to

2. Deliver compliance with incoming Security of Critical Infrastructure (SoCI) Act obligations with regards to risk management plans and enabling risk aware culture.

3. Ensure Cyber risks affecting systems and processes are appropriately assessed, documented and reviewed

4. Perform Cyber security risk assessment for Third-party vendor solutions and services

5. Conduct regular cyber risks review.

6. Define, monitor and update risk management processes.

7. You will work with the business to

a. Identify, Report non-compliances and work on remediations

b. Drive improvements to existing processes and develop new innovative and efficient solutions, ensuring alignment with cyber security policy and standards

c. Work with the business on various cyber initiatives to enhance the overall cyber security posture

8. Work closely with technical SMEs and solution architects to validate proposed design options, challenge assumptions and ensure approved design incorporates cyber security policy and standards and industry best practices

9. You will apply your advanced communications and negotiation skills to achieve outcomes that balance business objectives within risk appetites.

10. Other duties as required and directed.

Skills and Qualifications Required

• Tertiary qualifications in computer science or technology-related field, or equivalent work or education-related experience

• Minimum of 5 years’ experience in cyber security environment

• Experience in critical infrastructure in the Energy Sector is desirable

• Knowledge of the Australian critical infrastructure regulatory environment and the role that risk plays in meeting obligations

• Experience in the development and implementation of security strategies to support achievement of business outcomes.

• Knowledge and Demonstrated experience of security control frameworks and standard control sets such as PSPF/ISM, NIST CSF,

• AESCSF, CIS 18 / NIST 800-53, NIST 800-82

• Knowledge of contemporary attackers, their motivation, tactics, techniques and procedures.

• Demonstrated technical knowledge of a broad range of IT and security technologies, including:

o Identity and Access Management

o Contemporary endpoint detection and response, vulnerability detection and management.

o Next generation web proxies, email gateways and firewalls.

o TCP/IP, Network Switches and Routers Network Firewalls and WAF's, Active Directory, Microsoft Servers, Linux Servers, VMware

o Servers, Web Servers, Database Servers, Messaging Systems, IAM systems, PKI, Encryption.

o SIEM, Security Log Analysis, Microsoft Sentinel, Incident Response Tooling, Forensic Tooling, Virtual security analysis environments.