Peritus Recruitment
Cyber Security Analyst
Australia, 10 days ago
Contract, Information Technology
Primary Purpose

Develop, implement and support cyber governance, risk and compliance activities through effectively managing the cyber risks, meeting regulatory requirements and ensuring compliance while enhancing performance and achieving business objectives.

Key Responsibilities

  • Perform cyber security risk assessments in line with the client's risk management framework ensuring any findings are reported and effectively managed with clear treatment plans and treatment decisions in client's risk management solution
  • Perform in-depth due diligence and risk assurance on client's existing and potential third parties to ensure compliance with the third-party assurance framework and security requirements
  • Identify and evaluate the potential risks and impacts of third-party relationships on client's business objectives, operations, reputation and data security
  • Support the implementation and maintenance of Information Security Management System (ISMS) aligning to security frameworks including ISO 27001, NIST, Essential 8 and NSW Cyber Security Policy
  • Assist in developing, implementing and maintaining policies, standards, procedures, and documentation for information and cyber security.
  • Support the NSW cyber security policy attestation process through assessment and regular reporting on maturity ratings.
  • Provide governance on various cyber assurance activities including participation and reporting on audits and cyber controls effectiveness testing.
  • Ensure compliance with legislative, legal and contractual requirements where applicable.
  • Collaborate with multiple teams including but not limited to business owners, procurement, architecture, legal, privacy, risk and compliance to enable an integrated approach to managing third-party risks effectively.
  • Participate in relevant risk committees and forums and ensure regular reporting is provided.
  • Assist in the cyber uplift program through participation and continuous improvement of client's risk management framework.
  • Maintain relationships with management and team members to influence and foster a risk-aware culture.
  • Excellent ability to multi-task, work well under pressure and prioritize tasks.
  • A flexible worker who can adjust and adapt to a fast-paced tech environment.

ESSENTIAL CRITERIA:

  • Proven track record performing and effectively managing security risk assessments.
  • Experience in performing governance, risk and compliance activities including assessments on third parties.
  • Experience implementing and supporting relevant industry standards and frameworks which may include NSW Cyber Security Policy, NIST CSF, SOC2 and ISO-27000 series.
  • Very good stakeholder engagement and communication skills - the candidate should demonstrate ability to consult, facilitate and adapt the engagement approach to cater to a diverse range of stakeholders.
  • Understanding of communication, network & security protocols, cryptography, authentication & authorization, certificate management, Identity & Access Management, and threat modelling.
  • One or more certifications related to the above-mentioned criteria would be viewed favorably, although they are not mandatory. Examples may include CompTIA Security+, CRISC, CISA, CISSP, ISO27001 LA/LI.
  • Tertiary level qualifications (at degree level) in cyber security or a related discipline, or equivalent knowledge and skills acquired through practical experience.
