ASD 4, 5, 6 (Multiple Classifications)
$77,787.84– $147,915.36 (plus 15.4% super)
Perth CBD - WA

The Role

The systems assessment section is expanding and seeking to fill multiple positions across ICT Risk and Compliance Assessor roles. These positions range from entry level to senior team members. As an ICT Risk and Compliance Assessor you will engage in performing security threat and risk assessments of diverse range of critical military and government systems to ensure fit-for-purpose security controls are implemented. You will also engage with our stakeholders to conduct threat modelling, threat assessments and provide guidance on diverse security topics. As you go along, you will develop tactical and technical abilities to outthink our adversaries and protect our secrets.

You will have the opportunity to enrol in several learning and training pathways, leading to recognised certifications and qualifications in ICT audits, threat modelling and security architecture. You will also be able to specialise in security domains such as cross domain architectures, automated continuous assessment techniques and ICT security of systems hosted in remote and harsh environments.

The section is looking to recruit people with experience or passion to learn security threat modelling, security risk assessments and mitigations. Examples of the types of things you will do (or learn to do) are:

• Perform threat modelling and assessments of highly sensitive and critical systems.
• Conduct ICT risk assessments by utilising frameworks such as ASD information security manual (ISM) and Essential Eight.
• Undertake site visits to assess and validate control implementation against documented controls.
• Consult interdisciplinary internal teams to validate security posture of specific products and systems, and suitability of alternative controls.
• Develop reports that help senior executives, highlighting key findings of ICT risk assessments and proposed mitigations.
• Respond to inquiries from stakeholders by liaising with ASD teams and subject matter experts.
• Deliver regular reports regarding assessment activities.

ASD’s System Assessment Team is seeking multiple candidates to fill vacancies at ASD4, ASD5 and ASD6 levels.

ASD4 ICT Risk and Compliance Assessors:

• With supervision, perform assigned modular tasks and respond to inquiries from stakeholders.
• Proactively report and escalate any issues with ongoing assessments.
• Develop knowledge of cyber security frameworks and technologies.
• Actively engage in ongoing self-improvement and professional development.

ASD5 ICT Risk and Compliance Assessors:

• With limited supervision, deliver assigned broader tasks and provide guidance to stakeholders. 
• Actively liaise with key stakeholders to identify relevant expectations and concerns.
• Develop a sound understanding of cyber security frameworks and technologies.
• Proactively identify training needs and engage in ongoing self-improvement and professional development

ASD6 ICT Risk and Compliance Assessors:

• Take responsibility for end-to-end delivery assigned projects, by coordinating with internal and external stakeholders.
• Build, extend and sustain positive relationships with key stakeholders and interdisciplinary ASD teams.
• Identify process improvement opportunities and take initiatives to drive change within the team.
• Function as a subject matter expert in one or more security domains, and continue to engage in ongoing self-improvement and professional development.

Performing security assessments requires you to be on-site most days and may require visiting client sites occasionally. However, there will be a range of flexible working arrangements available in line with ASD determination.

About our Team

ASD has a dual mission of providing foreign signals intelligence and cyber security for Australia. ASD, through its strategic objectives delivers its mission by informing government, protecting Australian networks and disrupting those that would harm Australia and its interests.

ASD’s Systems Assessments team conducts security assessments on highly sensitive and critical systems. As part of these assessments, we conduct threat modelling, risk assessments and providing guidance on various security topics to our stakeholders, leading to authorisations of such systems. We play a significant role in allowing our stakeholders to operate highly sensitive and critical systems in a secure manner. It is a multidisciplinary team with diverse skills, background and experience, comprised of people who have joined from industry, academia and fresh from completing study.

The team has a culture that values technical and professional development of its team members and promotes opportunities for development. The team values collaboration, knowledge sharing, creativity in thinking and perseverance. The team culture supports flexible work practices so that people can balance their work and what is important to them outside of work.

Our Ideal Candidate

We are looking for candidates who either are or have the potential to be ICT Risk and Compliance Assessors. This includes candidates with experience in any of the following areas:

• ICT governance, risk and compliance (GRC)
• ICT auditing and consulting – E.g. Essential Eight and NIST
• ICT and security strategy and operations
• Enterprise risk management
• Telecommunications
• Networking
• ICT Service Desk
• ICT pre-sales and customer success
• Business analysis

The most important characteristics you will display are

• The most important characteristics you will display are
• perseverance and resilience in the face of difficult problems
• the drive to continuously learn (from others and independently)
• desire to work collaboratively and conscientiously with the team

Application Closing Date: Sunday, 25th of February 2024.

For further information please review the job information pack, reference ASD/00592/24 on https://www.asd.gov.au/careers.