The Cyber and Risk Analyst is accountable for the planning, identification, implementation, control, review, audit and assurance of security risks.
The role will be responsible for identifying, prioritizing and mitigating these risks while ensuring compliance with best practices in design and delivery of technology solutions.
The Cyber and Risk Analyst is responsible for ensuring that supported infrastructure systems and applications have established and agreed cyber security controls and associated operational processes.
This role is also required to ensure appropriate levels of user community communications and engagement to promote a strong cyber resilient culture in the organization.
This role requires a collaborative Cyber and Risk Analyst who will partner with Digital and Technology teams to deliver solutions while mitigating risks through continuous and incremental uplift in cyber maturity.
This role will inform, support, and educate internal Digital and Technology resources, the end user community and managed services partners.
- Support and guide individual risk owners in performing information security and technology risk assessments, for example delivering community services, health, disabilities or aged care.
- Develop, improve, integrate, measure, and report on processes and controls applying industry best practices for cyber security.
- Identify and work with stakeholders, delivery teams, vendors & managed services providers to gather security requirements and understand control gaps.
- Facilitate ongoing reviews and help drive a culture of continuous improvement across the business, service providers, tools and processes.
- Undertake security service level compliance monitoring, ensuring risks or potential breaches are flagged, along with recommendations to mitigate or resolve security issues.
- Develop monthly reporting in conjunction with respective Delivery Managers and Business Relationship Managers for presentation to leadership and Business representatives.
- Perform third-party risk assessments.
- Support the operation and maintenance of key security platforms and systems.
- Participate in cyber operations and activities to maintain security posture, i.e. request approvals, management of Email Security Gateway.
- Experience with email security gateway or M365
- Cyber platform exposure e.g. IDAM, SIEM, vulnerability scanning, EDR