Must have NV1 or NV2 clearances (non-negotiable) Immediate or 4 weeks notice start *Urgent roles Cyber Engineering 4 x Cyber GRC Analysts - NV1 - SCTY 5 Cyber Governance Risk and Compliance Analysts will work alongside project teams, Engineers, Solution Architects and systems integrators to analyse and document cyber security risks. They will be responsible for developing and delivering Security Documentation Packs (E.g. Systems Security Plans, Continuous Monitoring Plan, Incident Response Plans, and Security Risk Management Plans) to support the achievement of Authority to Operate (ATO) in consultation with the clients Cyber and Information Assurance Branch. Ensure alignment with the relevant security publications and frameworks such as the ISM, Essential 8 and the Security Principles Framework. Risk Management including identifying, assessing, and mitigating cyber security risks through various methods like threat modelling and vulnerability assessments. Assessing the security posture of third-party vendors and ensuring they meet the organisation's security requirements. Manage the ATO-C/ATO process. Consultation to ensure compliance with all assurance and governance requirements identified. Internal and external stakeholder management in support of achieving ATO-C/ATO. Desirable skills/qualifications: Information/cyber security and cloud qualifications are highly desirable and/or 5 years minimum experience: CISSP, CCSP, CRISC, Security Azure Solutions Architect Expert , Azure Security Engineer Associate, Identity and Access Administrator Associate AWS Certified Cloud Practitioner, AWS Certified Solutions Architect - Associate or Professional, AWS Certified Security - Specialty Google Cloud Professional 1 x Cyber Security Engineer/Architect (Security Logging and Monitoring) - NV1 - ARCH 5 Cyber Security Architects will work alongside project teams, Engineers, Solution Architects and systems integrators to lead/influence security components of solution designs. Provide practical advice and guidance on secure systems design and implementation to enable delivery of architectural patterns, diagrams and design documents. Verify that existing and planned solution components are compatible with client's architectures, patterns, frameworks, standards and practices. Evaluate and assure solution architecture documentations, including documentation and resources required by the client's Cyber Security Assessment & Authorisation Framework. Have deep understanding of secure-by-design and secure-by-default methods and cyber security best practices, along with proven experience in applying these methods and practices to ICT systems. Have a deep understanding and practical experiences with the Information Security Manual, ASD's Blueprint for Secure Cloud and system hardening guidance is required. Desirable skills/qualifications: Experience in DevSecOps systems development. Qualifications on Azure, AWS and Google Cloud Platform is highly desirable and/or 5 years minimum experience: Azure Solutions Architect Expert , Azure Security Engineer Associate, Cybersecurity Architect Expert AWS Certified Cloud Practitioner , AWS Certified Solutions Architect - Associate or Professional, AWS Certified Security - Specialty Google Cloud Professional ISSAP Security Architecture, CISSP, CCSP
