The Organisation

Airservices Australia is a government-owned organisation responsible for the safe and efficient management of 11% of the world’s airspace and provision of aviation rescue fire fighting services at Australia’s busiest airports.

Our people are our greatest asset with a dynamic and diverse team operating from locations across the country - from bustling cities to regional and remote locations, including an island. This team keep Australia’s aviation industry safe every day of the year, both in the air and on the ground.

We connect people with their world safely – linking family and friends, generating economic activity, creating jobs, and facilitating trade and tourism.

Airservices is committed to fostering a culture that is diverse, inclusive, and respectful. We encourage motivated individuals who love what they do, value a service first mindset and embrace a challenge to explore a career with Airservices. In return you will be a valued team member, be offered flexibility and experience a meaningful career in an exciting, ever-evolving aviation industry.

The Role & The Team

Reporting to Deputy Chief Information Security Officer, you will be leading a national cyber security risk governance practice to assess the Cyber Security environment and determine what the governance requirements of the organisation are and develop strategies to address this. The Cyber Security Design and Assurance Lead is a key role providing strategic and operational leadership and direction in Cyber Security governance, risk assurance, audit and compliance to ensure that Airservices Cyber Security strategic objectives are achieved and that information resources, particularly those critical to the functioning of Airservices, are secured effectively from threat while enabling the business to operate effectively.

This role will closely collaborate with other areas in the Cyber Security team, including Cyber Education, Strategy and Architecture, and Cyber Operations (SOC, IR, CTI, Vulnerability Management)

People enjoy working in our dynamic and collaborative team because of the sense of purpose and ability to shape our organisational future and to leave a positive legacy. You will be surrounded by supportive and encouraging Cyber Security experts with vast sector experience who will provide you a genuine opportunity for role diversity and the opportunity to make difference in your role. You will thrive working under a passionate and experienced highly respected industry leader who is determined to continually innovate, exceed and achieve.

Please see the link below to view the full Position Description:

PD - Cyber Security Design & Assurance Lead (New).pdf

The Person

You will collaborate with other major areas in the Cyber Security team assisting Airservices achieve Cyber Resilience. Working with the Cyber Security Operations Lead and Cyber Security Solutions and Strategy Lead, you will use your experience and technical skills to provide security advice to help develop, manage and maintain effective controls across the environment.

You are a key part of our control lifecycle, and you will be responsible for monitoring, identifying deficiencies and working with SysTAs and BMLDS to ensure a path for remediation of ineffective controls, or appropriate risk management, is in place. You have a passionate understanding of the risks, the controls in place to mitigate them, and how their effectiveness can be monitored, remediated as required as well as an understanding of how these requirements are then fed into design, assurance, strategy and asset planning activities.

You strive to achieve Cyber Resilience through effective use of existing capabilities and longer-term planning to ensure we remain relevant, and up to date in our approach cyber security, by facilitating the feedback loop from information security operations.

You will be a source of expert information and advice to stakeholders, Managers and key people across the organisation and act as a key design and assurance authority for the business units and Security Service Providers. You will provide operational feedback and contribute to developing and reviewing solution architectures. Your technical advice regarding security technical standards and strategies will be highly trusted.

*We guarantee that no two days will be the same, and that every opportunity you have, will help you grow to be a more rounded cyber specialist by providing you the opportunity to work across all areas at Airservices*

The successful applicant will have:

• Exceptional skills and experience in providing Cyber Design and Assurance services in a high paced complex enterprise.
• Comprehensive working understanding of Australian government security requirements (ISM, PSPF, etc)
• Understanding cyber risks and the ability to design and assure solutions to provide effective security controls in traditional ICT and operational technology (OT) environments
• Ability to translate complex technical security issues through a business lens
• Demonstrated experience in cyber assurance functions with a focus on risk analysis and alignment to government and industry cyber standards.
• Demonstrate understanding of IT Security Management principles and delivery within an ITIL-based operational framework.
• Good written and verbal communication skills, including presentations and reporting.
• Understanding of security architecture and technologies with a focus on developing, evaluating, and critiquing designs and integration approaches:
• Extensive experience in managing cyber security using a risk-based approach
• Working Knowledge of Risk Management, and its application in an information security context
• Review and contribute to security assessments
• Understanding of:

• NIST 800-39 Managing Information Security Risk, and

NIST 800-37 Risk Management Framework for Information Systems

We require the successful applicant to possess the following Qualifications:

• Formal academic qualifications in an Information Communications Technology (ICT) discipline or Cyber Security are highly desirable.
• Industry recognised qualifications in at least two of the following or similar are essential

• SEC488: Cloud Security Essentials
• ICS410: ICS/SCADA Security Essentials
• CISA – Certified Information Systems Auditor
• CRISC – Certified Risk and Information Systems Control
• CGEIT – Certified in the Governance of Enterprise IT

Airservices Australia is a diverse and inclusive employer that recognises the benefits of having a workforce that reflects the communities in which we work. We encourage applications from diverse groups including Aboriginal and/or Torres Strait Islander people.

Security Clearance

Baseline or NV1

To be eligible to apply, you must be an Australian citizen as an Australian AGSVA security clearance is required for this role. Please refer to the security check requirements successful applicants will be required to undertake as part of the recruitment process.

Should you require any further information please contact Sadeed Tirmizey, Deputy CISO at Sadeed.Tirmizey@airservicesaustralia.com

How to Apply

To apply for this position please lodge an application online before Applications close 11.55 pm (AEST) 31st MAY 2022.