Governance, Risk, Compliance & Vulnerability Management Manager

Company Description

Leidos is a Fortune 500® Technology, Engineering, and Science Solutions and Services leader. Leidos' 47,000 global employees support vital missions for government and commercial customers. Headquartered in Reston, Va., Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023.

Leidos Australia has been a trusted partner to the Australian Government, including the Department of Defence, for more than 25 years, having delivered some of the most complex software and systems integration projects in Australia. With a local workforce of around 2,000, of which 85% hold a government security clearance, we have one of the largest security-cleared workforces in Australia. Our team is also backed by Leidos' global expertise, experience and capabilities.

Job Description

We have an ongoing opportunity for a Governance, Risk & Compliance (GRC) and Vulnerability Management (VM) Manager to join our team delivering comprehensive cybersecurity services to support the Australian Defence Forces. 

This role requires an understanding of the needs of the end user, the ability to provide cyber security assurance and advisory services in a secure environment and has scope for you to improve the customer’s operational capabilities. You will head the GRC and VM areas for our customers networks and be responsible for ensuring compliance with the applicable Information Assurance (IA) frameworks, policies, and standards with particular focus on the Information Security manual (ISM) and Defence Security Principles Framework (DSPF). You will also be supporting cyber security risk management activities, including the assessment and mitigation of vulnerabilities exploitable by relevant threats. Your responsibilities will include the following: 

• Support the customer in the ongoing governance of the cyber security services across multiple networks. 
• People leadership and management of the GRC and VM teams. 
• Accountability for the GRC and VM functions and delivery of artefacts.  
• Perform and investigate internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status and secure baselines, reporting on compliance to the customer. 
• Implement risk management framework including the management of the Cyber Security Risk Register, ensuring documented and sustainable compliance that aligns and advances the environments.  
• Evaluates risks to develop and implement security standards, procedures, and controls to manage risks.  
• Quality assure GRC components of artefacts, reports, and other outputs. 
• Review and update policies, standards and processes for accuracy, completeness, and currency. 
• Improve the security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.  
• Conduct day to day reviews of operational security challenges and provide input into change control. 
• Assessment, ongoing reporting and tracking of vulnerabilities to ensure stakeholders understand the associated risks, gaps and remediation activities required. This is to be completed in collaboration with Industry partners. 
• Management of ongoing accreditation for the networks including routine document reviews, development and/or review of supporting artefacts such as SRMP, SSP, SSP-A, SOPS, etc. 
• Professional development of team members; and 
• Management of multiple stakeholders. 

Qualifications

About You and What You'll Bring 

• Australian Citizen with an NV2 Australian Government Security Clearance 
• 5+ years in Cyber Security role/s. 
• 5+ years' experience as a manager or team leader 
• Cyber Security or Governance Risk Compliance (GRC) background, ideally in the consulting space, internal enterprise assurance and advisory, or within Defence. 
• Knowledge of the Information Security Manual (ISM), Protective Security Policy Framework (PSPF); and ideally the Defence Security Policy Framework (DSPF). 
• Comfortable interacting with a mixture of highly technical peers and partners as well as uniformed staff and be willing to mentor other team members. 
• Desirable, previous experience in supporting Information and Communications (ICT) infrastructure in an engineering, operations, or incident response capacity. 

This role does require the successful applicant to be an Australian Citizen and hold a current NV-2 security clearance.

Additional Information

At Leidos, you’ll enjoy 12 weeks’ paid parental leave as a primary carer, flexible work practices, discounted health insurance, novated leasing and more. Foster your career through complete access to learning and development and mentoring opportunities, we have a strong track record of internal promotion and career transitions. 

As a business we are focusing on setting people up for growth and success, so individuals can develop specialist skills and make significant contributions whilst broadening their experience within the cyber security field.  If this sounds like you and you have the right attitude coupled with the willingness to challenge yourself and want to be in a team delivering security capability for government – apply today.

We embrace diversity and are committed to creating a truly inclusive workplace. We welcome and encourage applications from Aboriginal and Torres Strait Islander peoples, culturally and linguistically diverse people, people with disabilities, veterans, neurodiverse people, and people of all genders, sexualities, and age groups.