Cyber Implementation Lead Location: Sydney CBD. WFH 2 days Candidate rate: $1123 per day Contract length: till 30 June 2027 Purpose An experienced Implementation Lead with a Cyber Security background in the Australian Government is required to join the department as part of the Cyber Uplift Programme. This role reports to the Cyber Programme Manager and will support the designated Project Managers from a project performance reporting perspective. The implementation lead will be responsible for leading the technical implementation of the agency’s ACSC Essential 8 and cyber security posture uplift program working in close partnership with the Enterprise Security Architect, vendors and the project team to deliver program streams of work, operationalise security architecture patterns, and provide hardening guidance. This role provides leadership to a multidisciplinary technical delivery team, ensuring that mitigation controls are implemented consistently acrossa hybrid environment in alignment with ASD ISM, ACSC Essential 8 framework and zero trust principles. Key accountabilities Collaborate closely with the enterprise security architect, project managers, stakeholders, operations, and vendors to deliver cybersecurity streams of work. Lead cross-function coordination, serving as the primary point of contact for vendors and teams across infrastructure, cloud, identity, security operation centre and application domain. Communicate progress, risks, and dependencies to program governance stakeholders in a clear business-focused language. Validate implementation of Essential 8 controls through technical assurance, testing and configuration baseline. Establish and monitor key metrics for measuring control maturity and effectiveness. Contribute to assurance and governance by defining repeatable validation and continuous improvement. Develop project delivery and implementation plans for support employee and stakeholder adoption of technical outcomes. Provide weekly project update with technical status and reports to track progress of each security control rollout. Skills and experience Demonstrated experience delivering a multi-stream cybersecurity programme across an enterprise, preferably in a government environment. Proven ability to lead the delivery of Essential 8 mitigation strategies to uplift the maturity level. Proven leadership delivering cyber security posture uplift across a complex hybrid government environment. Extensive experience in the Microsoft enterprise environment and Windows platforms. Experience in collaborating with and influencing stakeholders to manage expectations and reach an agreement. Experience in building technical implementation schedules and providing regular status tracking. Demonstrated knowledge and delivery experience in below technologies: Demonstrated implementation leadership across Microsoft identity and access technologies, including Microsoft Active Directory, Microsoft Entra ID, Group Policy, Microsoft Conditional Access, Multi-Factor Authentication (MFA), Passwordless authentication, Identity Governance and Administration (IGA), Role-Based Access Control (RBAC), and least-privilege operating models, with strong familiarity across Microsoft Defender security suites. Strong understanding of Zero Trust principles and ability to translate them into practical control designs and deployment plans across identity, endpoint, network, and cloud environments. Experience working closely with a Security Operations Centre (SOC), supporting operational readiness, incident response integration, monitoring uplift, and smooth transition to business-as-usual. Working knowledge of Security Information and Event Management (SIEM) practices, including log source onboarding, correlation and alert use-case development, tuning, and reporting. Cloud security delivery experience, including hardening, baseline configuration, secure deployment patterns, and continuous monitoring. Strong networking fundamentals, including next generation firewalls, Virtual Private Network (VPN) technologies, network segmentation, and network monitoring. Experience implementing enterprise application control (allowlisting/whitelisting) solutions, including policy design, exception management, and governance operating model uplift. Solid foundation in Public Key Infrastructure (PKI) trust chains, certificate lifecycle management, and implementation of code signing and digital signature validation to support application integrity and trust. Experience implementing and operationalising Privileged Access Management (PAM) capabilities, including onboarding, approval workflows, privileged session controls, and reporting. Capability to deliver user application restriction enforcement across endpoints, balancing security outcomes with business usability through structured exception processes. Familiarity with Data Loss Prevention (DLP) and data classification practices, including control design, change management, rollout planning, legal and stakeholder engagement. Desirable Backup and disaster recovery exposure (desirable). Project delivery experience, including planning, dependency management, and stakeholder coordination (desirable). Does this sound like you? Apply now! For any questions, feel free to email Tito Tealdo - titob@eitr.com.au I 0434418729
