PERSON SPECIFICATION
Position Title: ITSS Information Security and Risk Manager
Position Number: 30460
Position Reports to: General Manager Commercial and Support
Direct Reports: None
Date Created/Updated:
Purpose of the Role

The prime purpose of this role is to ensure that the IT security policies, processes and mechanisms in place are appropriate to minimise risk for WorkSafe/TAC, are well articulated and socialised, and are complied with.
The role will manage the design, coordination, implementation and maintenance of IT-related policies with respect to security, risk and compliance management.
In the area of risk management, the role will be responsible for establishing a risk management strategy along with identifying mechanisms for monitoring adherence to it. This role will be responsible for establishing and maintaining an IT risk register.
As part of the audit management role, the Information Security and Risk Manager will be responsible for maintaining the audit calendar. They will act as a management contact point and ensure that the appropriate corporate risk registers are maintained.
In managing compliance, the role will be responsible for establishing, implementing and maintaining a compliance management framework, along with identifying mechanisms for monitoring adherence to controls.
The role will manage the design, coordination, implementation and maintenance of a continuous improvement framework aimed at fostering a culture of improvement within the division. In addition, the role chairs and manages the appropriate continuous improvement forums and promotes awareness among all stakeholders and TAC/WorkSafe staff.
This position is responsible for ensuring that ITSS maintains adequate knowledge, control and ownership of IT security policies and mechanisms without heavy investment in dedicated and narrow internalised technical security expertise.
Whilst it will be essential that the incumbent possesses and maintains a strong knowledge of IT security principles, industry best practice and associated technical mechanisms, the focus of the role is management, governance and coordination of security, as well as consulting on security matters, rather than implementation of technical security services and mechanisms.
Primary Responsibilities & Accountabilities

- Ongoing development and maintenance (in some cases through external service provision) of IT security policies, guidance material and security response plans relevant to WorkSafe/TAC and in accordance with industry standards or best practice.
- Ensure that processes and mechanisms are in place to monitor or enforce compliance with security policy and to address instances of non-compliance.
- Manage the socialisation of WorkSafe/TAC security policy through education, awareness campaigns, preparation and presentation of guidance notes, accessibility of policy material etc.
- Manage the interactions between ITSS and WorkSafe/TAC corporate security, audit and risk management services.
- Manage the provision of security services (including regular audits and security tests) by external providers to ensure that they are accurate, meet requirements and service levels, and provide good value.
- Establish and manage a governance framework which ensures that all IT changes (including development or procurement of new solutions and security administrative process change) are properly assessed for risk and are treated for security accordingly.
- Be the authoritative reference point for all matters relating to IT risk management and security.
- Advise on security decisions and contribute to IT strategic forums.
- Maintain a strong understanding of current industry directions and best practice relating to security, risk management and regulatory compliance by attending industry forums, participating in Whole of Victorian Government forums, participating in communities of interest etc.
Key Relationships

- GM Operational Delivery – management of operational security services, including user registration, monitoring of security events etc.
- All people within ITSS – this role will deal with all people in ITSS in relation to the socialisation/implementation/compliance with security policies, risk mitigation, coordination of audit-related activities etc.
- Strategy, Planning and Architecture group – development and interpretation of security-related strategies.
- Internal Audit and other WorkSafe/TAC security and risk management bodies – management and reporting of risk matters, response to security issues raised and verification of security treatments planned.
- Users of WorkSafe/TAC IT systems – awareness, compliance.
- WorkSafe/TAC Legal Services team – validation of security, privacy and regulatory compliance treatments.
- External security service providers – maintenance of services and service levels, security reporting.
- Industry analysts, professional societies and WoVG interest/focus groups relating to security, privacy, risk management and regulatory compliance – assessment of contemporary and relevant methods for security management; peer networking.
Competencies & Behaviours
Essential Skills, Education Levels & Experience

- Strong background in a broad IT security-related discipline in a complex technology environment similar to TAC/WorkSafe.
- Preference for CISSP certification or equivalent/similar industry certification/s.
- Technical knowledge and expertise in Risk & Compliance management.
- Demonstrated ability to liaise with external and internal stakeholders, providing excellent customer service.
- Strong communication and documentation skills.
- Strong understanding of contemporary security treatments.
- Strong influencing and interpersonal skills.
- Strong organisational and activity management skills.
- Experience in dealing with external provision of security services.
- Ability to work independently and also as part of a team.
- Strong investigative skills.
- Very high levels of personal integrity.
- Good knowledge of the regulatory compliance landscape.
Position Parameters: Not Applicable