Lead Cyber Security Analyst

  • Job Reference: 2711081674-2
  • Date Posted: 8 April 2026
  • Recruiter: CYOS Solutions
  • Location: Canberra, Australian Capital Territory
  • Remote Working: Some remote working possible
  • Salary: On Application
  • Job Type & Industry: Cyber Security > Security Analyst
  • Contract Type: Permanent

Job Description

  • Application closing date: Thursday, 02 April 2026 • 11:59pm, Canberra time
  • Estimated start date: Monday, 20 April 2026
  • Location of work: ACT
  • Working arrangements: Candidates will have hybrid working arrangements (i.e. a combination of onsite attendance in the office and remote working)
  • Length of contract: 12 months
  • Contract extensions: 2x 12 months
  • Security clearance: Must be able to obtain Negative Vetting Level 1
  • Rates: $100 - $120 per hour (inc. super)

The Department of Veterans' Affairs & the Repatriation Commission and the Military Rehabilitation and Co is seeking a Lead Cyber Security Analyst to be responsible for assessing, documenting and validating the security posture of information systems to ensure compliance with organisational, government and industry standards. They will also be responsible for managing the entire Authorisation to Operate (AtO) lifecycle, producing necessary security documentation, conducting risk assessments and liaising with stakeholders to achieve system accreditation.

Level of experience required:

  • 3+ years' experience in information security, cyber risk, or GRC
  • In-depth knowledge of Australian Government Security Standards (ISM, PSPF)
  • Ability to explain technical security risks and controls to non-technical stakeholders
  • Security certifications (CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor) (desirable)
  • Bachelor's Degree or equivalent in Cyber Security or other relevant field (desirable)

The key position responsibilities are:

  • Lead the system security authorisation process in accordance with the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF)
  • Develop and maintain critical security documentation, including Standard Operating Procedures (SOPs)
  • Conduct comprehensive risk assessments to identify, evaluate and mitigate risks across projects and operational environments
  • Work closely with the Authorisation Officers (AO), system owners, project managers and technical teams to facilitate the security posture of systems post accreditation by conducting regular audits and reviewing changes to the system
  • Establish processes to report and manage security incidents that could affect the system's AtO compliance against frameworks such as ACSC ISM, Essential Eight, ISO/IEC 27001 and NIST CSF

Essential criteria

  • Two years' experience in complex ICT environments with multiple service providers (Desired)
  • Minimum two years' professional experience in ICT with proven experience in Information Security and/or Risk Assessments (Desired)
  • Cloud Security Experience (Desired)
  • Statement of claims against the position description and key responsibilities

HOW TO APPLY

Please provide an updated CV (a maximum of 3-5 pages) to reflect your suitability to the role based on the job description. You will also need to complete a summary which is no more than 5000 characters in total in response to the requirements for the role and the essential and desirable criteria.

Your application will be reviewed based on ability to demonstrate, or potential to develop, the capabilities required.