Temporary full time opportunity until Dec 2025
DCS Grade 09/10
Sydney based role - hybrid working arrangements available
The Department of Customer Service offers flexible working arrangements and work / life balance, hybrid working opportunities, flexible start and finish times and flex days off in addition to your normal annual leave entitlements.
The Department of Customer Service (DCS) is undertaking an ambitious digital transformation of government services.
Government Technology Platforms (GTP) forms part of Digital NSW, an agency within DCS, and delivers digital capabilities and infrastructure solutions to many NSW Government agencies.
About the role:
This is an exciting opportunity to work within Government Technology Platforms to perform Security Risk Assessments on new and existing applications delivered to the whole of NSW government.
The role will operate and further improve the Security Risk Assessment framework and processes used to assess all solutions within Government Technology Platforms. This is a holistic assessment, considering not only technical controls, but also supporting compliance and governance processes and contractual relationships with third parties.
About you:
You have experience performing risk assessments for new solutions, where you have provided guidance to stakeholders in line with industry best practices, internal policies, and standards to ensure secure-by-design.
On a day-to-day basis you enjoy working and collaborating with different product teams to ensure security is appropriately considered during the design and delivery of customer centric solutions.
Designing and improving processes is considered a strength of yours.
You enjoy stepping outside of your comfort zone and increasing your skillset.
Your role will involve:
· Collaborating with Product Owners to understand their proposed solution design, integrations, and data flows. These solutions may comprise a combination of in-house designed web applications, vendor XaaS products, and other associated components.
· Providing technical security guidance in line with industry frameworks and standards including NIST, CIS, OWASP, SABSA, COBIT and/or TOGAF.
· Ensuring that any solution complies with internal policies, standards and compliance procedures.
· Coordinating penetration tests with an external provider, aiding internal technical teams with interpreting results and making suggestions for potential remediation.
· Working with stakeholders to assign risk ratings for assessment findings in line with the risk management framework, then helping to navigate these risks through remediation and risk acceptance processes.
· Leading the maturity of the security risk assessment process, including improvement of templates and documentation.
Note that this is not a hands-on technical role, but you will be required to use your technical security knowledge to ensure that solutions are appropriately assessed and are compliant before go-live.
To be successful you will have some of the following:
· Proven track record performing security risk assessments for solutions. (mandatory)
· Strong understanding of web applications, APIs and their vulnerabilities.
· Strong knowledge and understanding of relevant industry standards and frameworks which may include OWASP, NIST, CIS, SABSA, COBIT, TOGAF and ISO-27000 series.
· Very good stakeholder engagement and communication skills – the candidate should demonstrate ability to consult, facilitate and adapt the engagement approach to cater to a diverse range of stakeholders.
· Understanding of Cloud technology and compliance (As-a-Service).
· Understanding of communication, network & security protocols, cryptography, authentication & authorisation, certificate management, Identity & Access Management and threat modelling.
One or more certifications related to the above-mentioned criteria would be viewed favourably, although they are not mandatory. Examples may include: CompTIA Security+, CISA, CRISC, CISM, CISSP, ISO27001 LA/LI, AWS/Azure Security.
If you meet most of the requirements above, we want to hear from you.
To learn more about this opportunity, please access the role description. Please note, our role descriptions are generic and may not have the same role title as the opportunity advertised.
Salary Grade 09/10, with the base salary for this role starting at 120859 base plus superannuation
Click Here to access the Role Description. For enquiries relating to recruitment please contact Swathy Mohan via swathy.mohan2@customerservice.nsw.gov.au.
Visit the Capability Application Tool to prepare for the recruitment process by accessing practice application and interview questions based on the focus capabilities listed in the role description.
Closing Date: 09:59 am, 15 Oct 2024
Careers at Department of Customer Service
A career at the Department of Customer Service (DCS) gives you the opportunity to help improve government services and be part of reform that benefits people across NSW. We are focused on delivering excellent customer service, digital transformation, and regulatory reform. Come join us and influence the future of our great state.
Belong in our diverse and inclusive workplace
The strength of our workforce lies in its diversity and embracing difference, while the key to our success is leveraging the contributions of employees with different backgrounds and perspectives.
You can view our full diversity and inclusion statement here.
We want you to bring your best self to this application process. If you feel you may require an adjustment during the recruitment process, please contact our Diversity, Equity and Inclusion team via swathy.mohan2@customerservice.nsw.gov.au or 02 9494 8351.
For more information, please visit:
· Information on some of the different types of disabilities
· Information on adjustments available for the recruitment process