Lead IT Security Analyst

Company Description

Every institution values excellence. What matters most is why.

Griffith was created to be a different type of university. You’ll find we’re about leading research, academic excellence, and the transformative power of education. But what sets us apart is why those things matter and how you’ll achieve them.

Why? Griffith brings together exceptional minds like yours from across the globe and from all walks of life. Here, we do incredible work, questioning and challenging, always in the pursuit of excellence.

Digital Solutions. A team you’ll want to be a part of.

When you join Digital Solutions, you’ll be part of a team that delivers impact by enhancing digital experiences for the graduates of tomorrow, researchers of today and all those working to make it a brighter future.

But we know it’s not just what you do that matters, it’s who you do it with. Our people will tell you – our team sets us apart. We promise a supportive and friendly environment where you’ll collaborate to make an impact.

Make it matter. Join Digital Solutions at Griffith.

Job Description

About the opportunity 

Griffith University is recruiting for a Lead IT Security Analyst to join an established IT Security team within Digital Solutions. This will be a varied role which will have accountability for day-to-day cyber threat defence and response activities for security events and incidents. You will help drive continuous improvement to ensure the organisation's cyber resilience and maturity.

The Lead IT Security Analyst reports directly to the Senior Lead – Cyber Security. The primary purpose of this position is to provide direct support and technical guidance on protecting computers, networks, programs and data from unintended or unauthorised access, change or destruction.

As a leader within the cyber security team, the role will provide expert cyber security advice and guidance to Griffith University staff and students, ensuring Griffith University’s cyber defences are fit for purpose in terms of people, processes and technologies.

The role will conduct comprehensive assessments of operational and technical security controls, identify, prioritise and lead remediation activities on vulnerabilities and ensure that all aspects of cyber security are effectively coordinated.

Key responsibilities include, but are not limited to, the following:

• Ensures that incidents are handled according to agreed procedures. Investigates escalated incidents to responsible service owners and seeks resolution. Facilitates recovery, following resolution of incidents. Ensures that resolved incidents are properly documented and closed. Analyses causes of incidents and informs service owners in order to minimise probability of recurrence and contribute to service improvement. Analyses metrics and reports on performance of incident management process.
• Reviews corporate information security policy, standards and guidelines and informs on areas for improvement. Identifies and monitors environmental and market trends and pro-actively assesses impact on Cyber Security processes and risks. Leads the provision of authoritative advice and guidance on the requirements for security controls in collaboration with experts in other functions such as legal, infrastructure management, software development etc. Ensures architectural principles are applied during design to reduce risk and drives adoption and adherence to policy, standards and guidelines. Helps ensure that the policy and standards for security administration are fit for purpose, current and are correctly implemented. Reviews technical changes and provides specialist advice on security issues and implications.
• Actively maintains recognised expert level knowledge in one or more identifiable specialisms (such as Endpoint Protection, Vulnerability Management etc.). Provides definitive and expert advice in their specialist area(s). Oversees the provision of specialist advice by others, consolidates expertise from multiple sources, including third party experts, to provide coherent advice to further organisational objectives. Supports and promotes the development and sharing of specialist knowledge within the organisation.
• Support individuals and groups. Assists the team with responsibilities and/or packages of work, including mentorship responsibilities. Delegates responsibilities as appropriate. Provides effective feedback to enable optimum performance. Proactively works to ensure effective working relationships within the team and with those whom the team interacts with. Provides support and guidance as required, in line with individuals’ abilities. Advises individuals on career paths and encourages pro-active development of skills and capabilities and provides support for professional development.
• Identifies the communications and relationship needs of stakeholder groups. Translates communications/stakeholder engagement strategies into specific activities and deliverables. Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans. Provides informed feedback to assess and promote understanding. Facilitates business decision-making processes. Captures and disseminates technical and business information.
• Coordinates and manages planning of penetration tests, within a defined area of business activity. Delivers objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls - both those already in place and those planned for future implementation. Takes responsibility for integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on the planning and execution of vulnerability tests. Defines and communicates the test strategy. Manages all test processes and contributes to corporate security testing standards.
• Lead and promote compliance with relevant legislation and University policies and procedures, including equity and health & safety and exhibit good practice in relation to same.
• Be a leading example of the principles and values embodied in the University’s Code of Conduct, and behave, act and communicate at all times to reflect fairness, ethics and professionalism.
• Have highly developed skills in a wide range of Cyber Security solutions (i.e SIEM, SOAR, Firewalls, IPS/IDS, Vulnerability management, EDR/XDR, WAF etc);
• Knowledge and experience using ISO 27000, NIST or other applicable security frameworks.

About you

• To be successful within this role, you will be able to demonstrate significant knowledge and experience in managing various IT projects. You will also display evidence of:
• Postgraduate qualifications in information systems and/or equivalent extensive relevant experience with a minimum of five years IT security experience.
• Demonstrable experience and technical fluency in cyber security operations, security architectures, systems and methods used to protect information assets.
• Knowledge of common information security management frameworks, such as ISO 27001, and NIST.
• Experience and expert knowledge in threat monitoring and detection, incident response and remediation.
• Proven experience in risk assessment and vulnerability assessment and analysis, including identifying and coordinating associated remediation activities.
• Ability to direct and mentor a team of security analysts and architects across activities and coordinate a diverse range of cyber security activities across a complex technical environment.
• Well-developed oral and written communication skills, including report writing and ability to make presentations at various forums.

Desirable:

• Professional certifications including CISSP and/or CISM
• Experience in team mentoring and developing staff capability.
• A working knowledge of cyber security threat trends, hunting and analysis techniques.
• Experience working in a Higher Education environment.

Applicants must have unrestricted work rights, sponsorship is not available for this position. Successful candidates will be subject to a criminal history check.

What we can offer

This is a continuing full-time opportunity based at Brisbane South (Nathan). As Griffith is a multi-campus University you may be required to work across other locations. Griffith University’s campuses are located on the lands of the Yugarabul, Yuggera, Jagera, Turrbal, Yugambeh and Kombumerri peoples.

HEW 10 Salary - $142,222.18 + 17% super. Full package - $166,399.96.

Additional Information

Why join Griffith?

As a values-led organisation, at Griffith University, we've worked hard to create a dynamic and strong organisational culture. We offer:

• Wide range of Learning and Development opportunities
• Mix of on campus and work from home options available and a supportive work environment
• Salary packaging options and corporate health discounts
• Generous leave entitlements including paid parental leave and leave loading
• Support with future learning opportunities through our educational staff assistance scheme
• Opportunities for internal mobility
• Health Safety and Wellbeing initiatives – on campus Gym facilities

At Griffith, we’re committed to providing a safe and inclusive environment for all - whoever you are and wherever you’re from. If you require any accommodations, we welcome you to let us know so we can work with you to participate fully in our recruitment experience.

Griffith University values diversity, inclusion and flexibility and we encourage Aboriginal and Torres Strait Islander, and people of all backgrounds to apply. For more information please visit our Equity, Diversity and Inclusion page. Griffith University also maintains a strict zero-tolerance policy against all forms of modern slavery. For more information, please refer to Griffith’s Modern Slavery Policy.

How to apply

Please submit your application online and ensure it includes the following:

• A covering letter outlining your suitability for the role, please refer to the qualifications above and the position description.
• Current curriculum vitae/resume including full contact details

For application and recruitment advice please reach out to Laura Whitworth, Talent Acquisition Partner on l.whitworth@griffith.edu.au

Closing date: Open until filled. All applications must be submitted online.