Job Description

KEY RESPONSIBILITIES AND RESULTS Indicate key responsibilities and performance indicators of this role. For existing role, please indicate additional responsibilities in bold. 1. Design review Understand the solution and business drivers to perform risk assessment on the design. 2. Identify the security gaps in accordance with Optus cyber security policy, standards and industry best practices. 3. Work on the mitigation plan for the identified gaps. 4. Document the gaps in form of cyber security risks, with likelihood, impact, and severity ratings. 5. Drive the project towards approval of the identified risks based on Optus’s risk management framework. 6. Attend ad-hoc cyber security related queries for the cloud systems. 7. Identify areas of automation & assist with implementation to deliver the strategy of digital transformation in the future business workplace. 8. Maintain key internal systems and services. E.g. User guides, Knowledge bases, etc. 9. Liaise with stakeholders such as internal and external development teams, and relevant IT teams ensuring ensure all stakeholders are considered and are informed of issues and risks in production. 10. Identification of pain points & provide ideas for improvement. 11. Show innovation through unique ideas and propose them to the team. 12. Complete all required training courses within the allocated timeframes. SECTION C: MAJOR CHALLENGES / TYPICAL PROBLEMS ENCOUNTERED List the principal challenges or problems faced by the role in achieving the results of the position. Also, describe the extent to which originality or creativity is required in solving the problems faced. Specify unique problems associated with the position because of job complexity, economic and environmental aspects or growth potential. For existing role, please indicate additional challenges and problems in bold. 1. Keeping up with the latest technology 2. Management of multiple concurrent tasks across multiple delivery streams 3. Managing different stakeholders who often have different set of concerns 4. Adaptive to a fast-changing environment SECTION D: DECISION MAKING AUTHORITY Provide key information (both from a Problem Solving and Accountability Perspective) with appropriate examples to help define the scope and impact of the job and the extent to which the job has authority to manage resources and make decisions. (To also consider the approval limits of the role, procedural decision making, authority and empowerment.) For existing role, please indicate additional decision making authority in bold. Decisions made under own authority Decisions referred to higher authority Prioritisation of tasks working across multiple delivery teams. Initiatives requiring spend more than allocated budget. Decisions involving impacts or delays to delivery, reliability or availability. Decisions involving impacts to security. Adoption or modification of tools, technologies, frameworks and processes relating to delivery and operations. Decisions relating to procurement of tools and technologies. Staff Under Management: To ensure that all information provided in this section is tallied with the appended Organisation Chart. Number of direct reports (Internal) 0 Total staff under management (i.e., Internal + External*) * External staff refers to staff by matrix reporting line / agency / SOW / agency contractors / outsourced offshore etc. 0 MM (Exec 1 – 4) headcount: 0 PF (P1 – P5) headcount: 0 OS (All OS Grades) headcount: 0 SECTION F: QUALIFICATIONS / EXPERIENCE / KNOWLEDGE REQUIRED Indicate key knowledge and skills required for this role to perform the tasks to a satisfactory level. To also specify a suitable level of qualification required (i.e., basic, advanced, or professional), where applicable. Category Essential for this role Good to have Education and Qualifications Degree in Computer Engineering, Telecommunications Engineering or Computer Science Work Experience 3 years of cloud security and wider cyber security domain experience (AWS, GCP or Azure) Technical / Professional Skills Please provide at least 3 1. Experience as a Cloud Security Analyst or similar role. 2. Well versed with public cloud solutions IAAS, SAAS and PAAS (AWS and Google). 3. Experience with risk assessment tools and methodologies. 4. Ability to articulate complex risks is simple statements. 5. Knowledge of security frameworks and standards (e.g., ISO 27001, NIST). 6. Strong stakeholder management and communications skills. 7. Strong excel and reporting skills. 8. Network knowledge (TCP, UDP, ports, protocols, Ping, traceroute etc.) with troubleshooting skills. 9. Understanding of JIRA software for issue creation and reporting. 10. Cloud security certifications (e.g., CISSP, CCSP, AWS Certified Security). Scripting skills (Python) CIS framework understanding. Non-Technical / Soft Skills 1. Self-directed and motivated 2. Flexible: preparedness to change ideas and behaviors when faced with conflicting or new information 3. Demonstrate a willingness to take ownership of solutions 4. Possess the ability to exercise independent and effective judgment 5. A desire to do things well and to exceed previous standards 6. Open Communication: Preparedness to express and share knowledge and views on a continual basis 7. Exhibit and require the highest ethical standards and integrity 8. Work well under pressure and to tight deadlines 9. Display a disciplined but flexible approach to problem solving Experience liaising with stakeholders 1. Able to pro-actively identify challenges and recommend solutions. 2. Creative/ Lateral thinker 3. Show an ability to win the trust and respect of individuals and the group

More Info

Education