• ASIC is seeking a full time Senior Security Architect to join their Cyber Security function within Transformation Office Digital, Data and Technology Team
• Work with a high performing & collaborative team and gain industry certification in a security architecture, such as SABSA or a cloud platform security architecture certification
• Permanent position based in Sydney or Melbourne
A future with ASIC means that your work will contribute to ASIC's vision for a fair, strong and efficient financial system for all Australians. We value what you will bring. We value those with sharp, analytical minds and are open to challenging the way things are done.
The team
Cyber Security provides a wide range of services including security architecture & design, incident response and cyber assurance for ASIC. We make use of the latest security technology with an increasing focus on automation and analytics to secure and support ASIC on its journey to be a 'best in class regulator supporting the Australian financial markets.
The role
• working as an internal customer-facing specialist leading in-depth technical security architecture designs and assessments
• defining technologies, security controls, and operating protocols that protect data hosted in the cloud from loss, inappropriate alteration, or misuse
• assessing the completeness and effectiveness of security controls and solutions to identify capability gaps, security weaknesses and potential attack vectors
• assessing SaaS and PaaS services against the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) and industry cloud security control frameworks
• working with solution architects to enhance the security controls on the existing technology platforms, services, and solutions
• performing / coordinating threat modelling and architecture design review sessions to identify the completeness of solution's security controls
• contributing to the Cyber Security architecture principles, patterns, roadmaps, frameworks and building blocks
• coordinating and facilitating the onboarding of technology services and solutions into the SOC threat monitoring program
About you
• A tertiary qualification and/ or equivalent experience in a cyber security role with demonstrated experience as a security architect
• Demonstrated knowledge & experience in:
- defining, designing, and overseeing the implementation of secure solution architectures for AWS or Azure hosted solutions in alignment with appropriate platform security standards & frameworks
- defining, designing, and overseeing the implementation of secure solution architectures for endpoint security, internet gateway, IPS/IDS and network device infrastructure
- experience providing leadership (from an architectural perspective) regarding Security Operations Centre (SOC) tools and threat hunting activities utilising Microsoft Sentinel
- using industry security control frameworks and standards, including NIST and ISO 27001, as well as those applicable to Australian Government entities, including the ACSC ISM and the ASD Essential Eight, to design secure solutions
- performing threat modelling and design reviews to identify security requirements for new technologies, services, and systems
- championing and overseeing the design and implementation of secure solutions and good security practices amongst peers in a broader IT architects' community
- designing solutions using common industry standard cloud-native authentication and authorization mechanisms, MFA and SSO; in-depth knowledge of IAM architectures
• A clear understanding of enterprise-scale cloud and hybrid cloud infrastructure security
• Experience working with cloud security and governance tools including CASBs and CSPMs
• Demonstrable skills in assessing, analysing, and resolving complex client and stakeholder related queries
• Ability to effectively present complex information to project and senior level audiences both verbally and in writing
• Formal security certifications are desired but not essential
About ASIC
ASIC's remit is one of the broadest of regulators across the world.
ASIC regulates corporations, markets, financial services and consumer credit and monitors and promotes market integrity and consumer protection in the Australian financial system.
Through our enforcement work, we hold to account those who contravene the law, working to achieve strong outcomes that address the greatest consumer and investor harms.
Through Moneysmart, we aim to improve the skills and knowledge of Australians and provide information and tools to help them in their decision making.
A future with ASIC means that your work will contribute to achieving ASIC's vision for a fair, strong, and efficient financial system for all Australians.
ASIC is committed to a providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. Indigenous Australians are encouraged to apply as well as applicants from all backgrounds and with different abilities
To work with us, you need to be an Australian citizen, and be prepared to complete an ASIC Suitability and Baseline Assessment which is issued ASIC's Security team.
View the position description for more information or click ‘apply' to start your application.
Applications for this role will close at 11:59pm on Monday 4 March 2024
