3 Easy Steps

  • 1Search for courses by Study Area, Level and Location
  • 2We deliver you all the matched results
  • 3Choose one or more course providers to contact you
Industry

Distance from location (kms)

Exact 5 10 25 50 100

Posted since

All 2 Days 1 Week 2 Weeks 1 Month

Sort results by

Relevance Date

26

May

Governance, Risk And Compliance (Grc) Security Lead

Leidos - Canberra, ACT

IT
Source: uWorkin

JOB DESCRIPTION

Full Job Description
Company Description

Introductions

The first thing you learn at Leidos Australia is to leave current thinking at the door. Our aim is to make the world a safer, healthier and more efficient place, but we won’t get far using existing ideas.

Due to our ongoing success, the Leidos family is growing rapidly across Melbourne and Canberra. This year is set to be an amazing year of growth and we need incisive minds like yours to keep highly complex systems functional and secure.

Job Description

Your New Role

Working on a Defence project, the Governance, Risk and Compliance position is focused on providing project support for delivery of secure, compliant and accredited systems. The role is primarily concerned with supporting this delivery across the project's platform deployed on AWS infrastructure and any associated Partner systems that require hosting on or connection to the project's platform.

Engagement with key stakeholders including internal project management, Certification Authority representatives, security service providers, other internal IT security personnel and business owners to tailor the scope of responsibility and approach to delivering security controls, artefacts, risk identification and assessment, security testing for deployed security controls and responsibility for risk treatment recommendations
Consideration of and alignment with project schedules such that the certification and accreditation effort supports the business requirement to operate the subject system(s)
Identification, validation and or advocacy for security requirements (functional or non-functional) and dependencies associated with system delivery, transition into service or ongoing sustainment
Development of an Accreditation Plan detailing the elements above with the necessary activities, artefacts and stakeholder contributions required to complete the certification and accreditation process for assigned projects
Ownership for the execution of the Accreditation Plan with reporting as required by the business, project, Certification Authority or other interested stakeholders
Handover of all completed artefacts to operational groups for ongoing sustainment of the accredited system.

This role requires the successful applicant to be an Australian Citizen and hold a minimum NV-1 level Australian security clearance.

Qualifications

About You and What You'll Bring

GRC personnel will have a minimum of five years’ experience in IT Security roles with at least two years’ experience providing GRC services in Australian Federal Government, preferably within the Defence framework.

The following experience is required for GRC personnel:
Current knowledge of and experience with the Australian Government Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) is necessary. Experience working with the Defence Security Practices Framework (DSPF) is preferred
An ability to advocate for security and compliance requirements within the project, and advocate for the project’s approach with external stakeholders is necessary. It is expected that GRC personnel will leverage all available resources to ensure their advice and advocacy in all cases is accurate and practical
An ability to communicate sensitive matters in a respectful and professional manner, enabling decision makers to understand the security implications of their choices prior to delivering their decisions
Once decisions are made, they must be recorded factually and if relevant, introduced risks documented for formal acceptance
An ability to prioritise the importance of security and compliance matters in the context of the subject platform or system is required. This may include the support of Security Engineers, Security Testers or other external stakeholders, however it is the responsibility of GRC personnel to communicate the priority of security elements through the certification and accreditation process.
An ability to provide structural guidance to help mature projects planning, documentation and delivery elements but maintain flexibility to support the delivery approach prescribed by the business.

Certifications:
Any GRC related certification is advantageous with security-related certificates preferred. There is no requirement for iRAP certification.

Additional Information

What You'll Love

At Leidos we look after our staff. Flexible working practices, great team building initiatives, consistent learning and development opportunities, employee discounts and excellent exposure to a variety of technologies and projects are just some of the perks. We are growing and evolving, so it’s an exciting place to be.

Our diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos is an Equal Opportunity Employer.