TasICT member Vital Advisory has an exciting position available for a Senior Information Security Consultant. They have advised TasICT of the details below, and expressions of interest should be directed to: VAISHALI SHAH on 0410 379 407 or vaishali.shah@vitaladvisory.com
This role supports Vital Advisory in the delivery of consulting and advisory services to our clients. The role has scope for you to further develop your knowledge and experience to create practical solutions to meet our clients’ security, risk and governance needs.
Your client-related work may include:
• Designing, developing, implementing, and operating Information Security Management Systems and/or Privacy Information Management Systems
• Assessing and developing security capabilities
• Performing business, threat and technical risk assessments
• Developing pragmatic documentation such as security and/or privacy policies, standards and other guidance
• Delivering presentations, workshops, management meetings and other events
• Undertaking third party and other security assessments
• Performing controls assessment activities, such as controls self-assessments, assurance testing, and audits
In addition to delivering services to our customers, other key requirements of this role are:
• Business acumen and understanding of business context and drivers for security and control
• Ensuring timely and high-quality delivery of services to customers
• Maintaining a high level of professional ethical standards
• A commitment to ongoing learning for personal and professional development
• A commitment to collaboration within the team and with our clients
• Ability to coach and manage other staff, as required
The key knowledge areas for this role are:
• Knowledge of information security and related frameworks (such as ISO27001, ISO27701, NIST CSF, CPS234, PCI-DSS)
• Knowledge of risk and governance frameworks (such as COBIT5, ISO31000)
• Knowledge of Information Technology concepts, techniques, approaches, architectures, etc.
Soft skills are also important in this role and include:
• Ability to work as part of a team as well as independently
• Initiative and commitment to continual improvement
• Flexibility with scheduling and work allocation
• Analytical ability to break down problems into constituent parts to develop solutions
• Effective communication skills and expertise, such as in translating technical jargon into business language
• Proven ability to analyse, assess and/or audit an IT environment to make recommendations and improvements
Qualifications and Certifications:
We see qualifications and certifications as a demonstration of both your expertise and your commitment to the profession. For this role you may have:
• Certified Information Security Manager certification (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified Data Privacy Security Engineer (CDPSE)
• Certified Information Systems Security Professional (CISSP)
• A bachelor’s degree in computer science, cyber-security or a related field
Relevant experience should include:
• At least five years’ experience in information security, IT, privacy, audit and/or risk
• Solid understanding of information security
• Sound project management and communication skills
• Good knowledge of data protection and privacy regulations
• Use of technology such as Confluence, JIRA and SharePoint