Information Security Analyst - Internal Only

About the role

The Information Security Analyst role is responsible for assisting with the implementation, operation, and improvement of the Infoxchange’s information security program across the domains of people, process and technology under direction of the Information Security Lead.

This involves working with stakeholders across the organisation to embed and sustain information security practices in alignment with organisational goals and social objectives.

It will also be required to engage with and deliver information security services to Infoxchange customers in a consulting capacity.

Reporting to the IT Services Delivery Manager, the Information Security Analyst will be responsible for:

• Assisting with the operational requirements of running the activities on the information security calendar, under guidance from the Information Security Lead
• Assisting with the maintenance of information security management system documentation (policies, standards and procedures) based on changes in the internal and external environment of the organisation
• Participating in information security working group discussions to understand issues and risks related to security across the organisation and contribute to decisions and improvement actions
• Contributing to a security awareness and training communications plan for use across the organisation including a plan to support external information security partner programs within Infoxchange
• Liaising with staff to conduct information security risk assessments for projects or initiatives, and recommend security controls to address risk
• Maintaining an awareness and understanding of technology stacks and security architecture in use across the organisation and work with technical teams to provide advice on best practice configuration and/or configuration changes required based on threat intelligence and vulnerability scan information
• Liaising with staff and suppliers to implement, maintain and support the operation of security products and solutions deployed at the organisation
• Being a core part of the security incident response team and liaise with stakeholders across the organisation as part of incident response activities
• Assisting with the collection of metrics and measurements to provide indicators of the performance of the information security program, including evidence required for security audit purposes
• Participating in learning opportunities to gain understanding of changes to the threat landscape, emerging trends in technology and security process improvement

About you

To succeed in this role, you will have:

1. Bachelor’s degree or equivalent majoring in IT, Computer Science or equivalent, or working towards
2. A good understand of information/cyber security concepts and terminology including security controls and risk management terminology
3. A technical background with understanding of computer networks and concepts of secure systems design and development
4. Understanding of the technical aspects of information security including network security controls such as firewalls, network segmentation etc
5. Strong written and verbal communication skills
6. A proactive, collaborative approach to problem solving
7. Demonstrate accountability and commitment to fulfill the duties and responsibilities of the role
8. A desire to learn, be innovative and continuously improve personally and professionally to make a difference in the not-for-profit and community services sector
9. An understanding of what good customer delivery entails

It would be desirable if you also had:

1. Knowledge of and experience working with information security frameworks, standards and principles such as ASD Essential 8, ISO27001/2, NIST
2. Information security certifications/qualifications: Comptia Security+, Certificate in cybersecurity
3. Experience implementing security awareness programs

Applications close Friday 21 April 2023.

To express interest in this position, please click on the apply button.