Information Technology Services provides a wide range of IT facilities and support services to ASIC. We are embarking on major technology projects that will transform our business and continue our significant technology transformation in several areas such as virtualisation, data analytics, mobility and cloud.
The IT Security team is responsible for protecting ASIC’s information and technology assets and environments, providing an IT security advisory service for ASIC, and managing a security framework where applications and systems meet government controls and baselines.
- Follow ASIC’s change management process when upgrading, implementing or making changes to security technologies.
- Deliver and update a Security Operations Metrics Dashboard including tracking of open post implementation reviews, number of open and aged incidents, recent production issues, upcoming upgrades, and the status on continuous improvement actions.
- Undertake vendor management of third-party suppliers responsible for providing managed services to ASIC (including firewalls, IPS, RADIUS authentication, secure email gateways and internet gateways) to ensure that services are being delivered as contracted.
- Assist with the preparation and delivery of security awareness programs.
- Guide, mentor and support junior members of the IT Security Operations Team.
- Investigate, respond to, and report on, IT security incidents as directed.
- Lead the business as usual (day to day) operational management of ASIC’s security operations.
- Manage the IT Security Operations queue in ASIC’s ITSM application (currently Remedy) to ensure that incidents are managed to meet agreed service levels and regularly updated.
- Implement, upgrade and enhance security technologies to ensure currency including the creation and maintaining of supporting documentation and procedures.
- Maintaining security technologies to ensure control effectiveness, addressing of identified vulnerabilities, and to meet agreed service levels.
Qualification & Experience:
- Formal ITIL qualifications would be highly regarded.
- Demonstrated knowledge of Information Security principles and practices.
- Experience in incident, problem, change and release management, based on the ITIL framework.
- Demonstrated experience in an Information Technology role, with experience in information security.
- Formal IT security certifications are desired. Examples include Certified Information Systems Security Professional (CISSP) and relevant Global Information Assurance Certification (GIAC).
- Relevant tertiary qualifications in IT and/or equivalent related work experience.
- Strong interpersonal, communication including report writing skills.
- Understanding of cloud and SaaS platforms including authentication methods and security monitoring of these environments is highly desirable.
- Demonstrated technical knowledge relating to:
- System hardening across a range of operating systems and applications
- Networking, network perimeter security technologies, including firewalls (Fortinet, IBM Datapower and Checkpoint), IPS/IDS, web content filters, secure email gateways (Clearswift), and remote access (Pulse Secure).
- Web proxies (Bluecoat) and CASB (Netskope)
- Windows host-based security technologies (Windows Firewall, AppLocker, Group Policy and operating system hardening).
Vacancy Type: Full Time
Job Location: Victoria, AU
Application Deadline: N/A