

Principal Security Analyst

Contract Type

Permanent

Location

New South Wales, Sydney

Industry

IT

Specialisation

Security

Salary

AU$150000 - AU$180000 per annum + super - remote friendly

Contact Name

Riki Blok

Contact Email

riki@talenza.com.au

Date published

25-03-2026

Job Reference

BBBH20774

Description

About the role
This is a newly created role reporting into the equivalent of a CIO, and it is a GRC build-out style role. There is a requirement to build out and maintain an ISMS in line with Government ISM and PSPF standards. A recent pre-audit meeting with an IRAP assessor highlighted that they need to uplift their application security fundamentals and embrace shift-left principles in their security team. The initial focus will be on working through the upcoming IRAP audit, maturing their ISMS and taking the broader team on a journey of security uplift.

After this initial phase, there is a possibility of this team growing and you being responsible for building this team yourself.

If you have prior experience in similar roles where you have implemented application security or DevSecOps principles in a government business, this role would be an ideal fit. Similarly, if you have experience leading a Cyber GRC function in a government business, this is also well aligned.

Culture / Benefits

  • Hybrid, remote-friendly team with a low expectation of time in the office
  • A tight-knit and growing team in a well-funded government department
  • Mature environment with a leader who is a direct communicator


Duties

  • Control mapping and uplift to ISM and PSPF standards
  • Work with a range of business stakeholders to educate and implement controls
  • Build upon their existing function to implement security into the SDLC
  • Define and advise on DevSecOps-style principles
  • Deliver hands-on to build out the GRC framework


Skills and experience

  • Previous experience as a senior or lead in a GRC function
  • Strong knowledge and experience across various government frameworks - ISM, PSPF etc
  • Experience working through an IRAP audit
  • Knowledge around security software development principles
  • Strong stakeholder engagement skills and experience
  • Previous experience implementing a DevSecOps or AppSec program (nice to have)
  • Collaborative personality type to work with various stakeholders
  • Industry certifications are highly regarded
