Principal - Security Governance

Business Services Brisbane, Australia

Description

Purpose of Role
The Principal, Security Governance role is integral to maintaining the organization’s cyber health and resilience against cyber threats. This role is responsible for developing and maintaining robust information security processes, ensuring disaster recovery (DR) readiness, contributing to the cyber security strategy, and managing cyber risk in alignment with business objectives. Additionally, it encompasses enforcing compliance with standards like the ACSC Essential 8 and ISO27001, evolving cyber reporting for management, and supporting security operations. The role also entails assessing third-party vendor risks, updating security training to reflect the current threat landscape, and coordinating audit and penetration testing activities to address vulnerabilities promptly.
Responsibilities & Accountabilities
Strategy, Policies and Procedures
  • Develop and maintain Information Security processes and operational procedures.
  • Ensure technical DR processes are maintained across all services, including those delivered by QTC’s key vendors.
  • Provide input into the development and maintenance of QTC’s Cyber Security Strategy.
  • Develop and manage Cyber Security Risk Management processes with an understanding of business requirements, keeping the cyber strategy aligned with business objectives.
Standards, Reporting and Compliance
  • Ensure compliance with agreed targets and cyber security standards (e.g. ACSC Essential 8, ISO27001).
  • Develop, maintain and apply a roadmap to ensure alignment with the Cyber strategy and standards.
  • Develop, maintain, and evolve QTC’s cyber reporting for all levels of management.
  • Support the broader security operations team in the implementation and management of security controls across QTC’s technology environment.
Third Party Vendor Risk
  • Work with procurement, legal and business stakeholders across the organization to assess and manage third-party vendor risk.
  • Review and assess vendor security certifications to ensure validity and applicability to the service being delivered.
Cyber Awareness and Training
  • Support the delivery of security awareness campaigns.
  • Update security training content to ensure it remains relevant to the evolving threat landscape.
Audit, Vulnerabilities and Penetration Findings
  • Co-ordinate and support the successful completion of cyber audit and penetration testing activities across QTC.
  • Support the remediation of all findings to ensure they are addressed in the agreed timeline.
Competencies
Technical Competencies
  • Understanding of Operating Systems: Proficiency in various operating systems like Windows, UNIX, and Linux is crucial for managing security across different platforms.
  • Networking Knowledge: A solid grasp of networking concepts, protocols, and security measures is essential for protecting an organization’s network infrastructure.
  • Risk Assessment: Understanding of risk assessment activities to identify vulnerabilities and potential threats to the organization’s cyber environment.
  • Compliance: Experience in ensuring adherence to relevant cyber security laws, regulations, and standards.
  • Threat Modelling: Knowledge of threat modelling tools and techniques to anticipate and mitigate potential attacks.
  • Intrusion Detection: Expertise in using intrusion detection systems (IDS) and understanding attack signatures and anomalies that may indicate a security breach.
  • Virtualization and Cloud Security: Understanding of virtualization technologies and cloud security principles to secure virtual environments and cloud-based services.
  • Cyber Security Frameworks: Familiarity with cyber security frameworks like the NIST Cybersecurity Framework or the ISO/IEC 27001 standard to guide the organization’s security strategy.
  • Incident Response Planning: Ability to develop and implement cyber incident response plans to quickly and effectively address security breaches.
  • Disaster Recovery: Aligning disaster recovery processes with broader business continuity processes and requirements.
  • Design Input: Input into design processes to ensure alignment with existing security standards and policies.

Behavioural Competencies

  • Integrity, including upholding strong professional and ethical standards.
  • Has developed a deep understanding of what drives each stakeholder (their needs, desires and motivations). Speaks up early and often and takes initiative regarding opportunities for improvement.
  • Actively tries to improve knowledge management systems and processes within their team.
  • Establishes a positive environment by always acting with positive intent, and assuming positive intent from others.
Leadership Competencies
  • Builds trust and confidence with the team by communicating clearly, following through on commitments and valuing diverse perspectives.
  • Holds themselves to a standard of excellence and takes pride in their work.
  • Strong communication skills to effectively convey complex technical information to non-technical stakeholders and to collaborate with other departments.
  • Ability to lead and manage change, ensuring that the organization adapts to evolving technologies.
  • Ability to influence and persuade others to support and implement best practices.
Qualifications
Essential
  • Tertiary qualification in Information Technology, Computer Science or Computer Engineering, or equivalent experience.

Desirable
  • Certifications in Azure Architecture (AZ-305)
  • Industry certifications such as TOGAF, CISSP, CCSP, SC-100, ISO27001, NIST and AZ-500
  • Qualifications in Microsoft Power Platform and Microsoft Dynamics.

Experience
Essential
  • 10 years of experience delivering security services in complex, high availability technology environments that deliver critical services.
  • 5 years' experience in establishing and running operations security governance frameworks.
  • Experience implementing public cloud solutions, preferably Microsoft Azure.
  • Experience in delivering services through an outsourced IT support model, where there is a heavy reliance on external vendors to deliver services and solutions.

Desirable
  • 3-5 years' experience leading teams of technology professionals.
  • Experience within the financial industry.
  • Experience delivering services in a government body.