Cyber Security GRC Analyst - Lewisham, Australia - St Vincent de Paul Society

Posted by: Olivia Brown, beBee Recruiter


Description

Job No: VIN3186
Location: Lewisham

  • Opportunity to make a difference in a purpose-led organisation
  • Hybrid way of working - work/life flexibility options
  • Not-for-profit salary packaging tax-free benefits, increasing your take-home pay

The St Vincent de Paul Society is a leading provider of community support services whose values are to shape a more just and compassionate society; we truly care about what we do and the difference we make to people's lives. We believe our employees are key to our success and offer Learning and Development programs to enhance and grow your career across a range of teams and services. We have a continuing commitment to engaging and retaining our people, who are recognised for their achievements and are offered promotional opportunities on a merit basis within a collegiate and values-driven team environment and culture.

Your new role:


Reporting to the Cyber Security Manager, the Cyber Security GRC Analyst will contribute to and support the management and operations of the cyber security function. A key element of this role will be to develop and maintain information security policies and workforce training and awareness for St Vincent de Paul Society.

The GRC Analyst serves as a critical resource for staff and leaders regarding information security policy implementation, interpretation, and compliance.


Your responsibilities:

The GRC Analyst is responsible for reducing information security and cybersecurity risk to the Society by helping to prioritise and drive remediation efforts throughout the organisation through the following:

  • Establishing and maintaining governance and compliance standards.
  • Conducting audits and risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
  • Creating, maintaining, communicating, and enforcing information security policies.
  • Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
  • Participating in the management and operations of the cyber security function.
  • Developing and maintaining a risk-aware culture.
  • Under the guidance and support of the Cyber Security Manager, the GRC Analyst should work independently, executing and managing the cybersecurity and risk function consistent with local and global regulations and established frameworks. The GRC Analyst holds team- and organisation-level responsibilities and may be assigned to lead small to medium scale projects. The analyst works with staff members belonging to primary business functions, technology services teams and external vendors providing solutions and services to the Society, and any partners and affiliates.

Responsibility domains:


  • Maintain the information security management system based on NIST CSF, ISO/IEC 27001 and the NIST SP 800 series, underpinning established and planned controls.
  • Cyber security maturity assessments, technical risk assessments and supplier risk assessments.
  • Cyber security performance metrics and reporting. Author quality documentation, reports, and dashboards.
  • Cybersecurity and technology design principles and security architecture blueprints.
  • Security assurance and technical reviews of business and technology solutions.
  • Security requirements and test cases for business solutions and technology solutions.
  • Change management: review and approval for infrastructure and business solutions.
  • Support for internal audits and external reviews.
  • Identity and Access Management solution design and related controls (IGA, PAM, CIAM).
  • User provisioning and deprovisioning policies and procedures.
  • Workforce security awareness activities including culture, awareness, and training.
  • Design and deliver security awareness sessions and training, custom content and reporting.
  • Vulnerability and patch management (Microsoft Defender Suite, Qualys).
  • Security operations: incident detection and response management.
  • Data privacy and data security, including data loss prevention.

You will need:


  • Applied knowledge of SABSA security architecture and business-driven cybersecurity risk management.
  • Well versed in cybersecurity standards and frameworks (ISO/IEC 27001:2013, NIST SP 800-53 Rev. 5, NIST CSF, ISO/IEC 27004, the Australian Information Security Manual, Essential Eight), with applied knowledge in implementation, security audits and assessments.
  • Development and implementation of cybersecurity and underpinning policies; participation as a lead or contributor in two life cycle implementations.
  • 5-7 years of demonstrated experience in cyber security, especially in cloud-dominated computing environments.
  • Technology-based security risk assessments.
  • Security assurance for business solutions and technology systems.
  • Must have experience with the Microsoft Security Suite (MSCA):
    • Defender Suite
    • M365 Security Centre
    • Purview
    • Sentinel
  • Vulnerability management tools:
    • Qualys, Tenable
