

PERSON SPECIFICATION

Position Title

ITSS Information Security and Risk Manager

Position Number

30460

Position Reports to

General Manager Commercial and Support

Direct Reports

None

Date Created/Updated


Purpose of the Role


The prime purpose of this role is to ensure that IT security policies, processes and mechanisms in place are appropriate to minimise risk for WorkSafe/TAC, are well articulated and socialised, and are complied with.


The role will manage the design, coordination, implementation and maintenance of IT related policies with respect to security, risk and compliance management.


In the area of risk management, the role will be responsible for establishing a risk management strategy along with identifying mechanisms for adherence. This role will be responsible for establishing and maintaining an IT risk register.


As part of the audit management role, the Information Security and Risk Manager will be responsible for maintaining the audit calendar. They will act as a management contact point and ensure that appropriate corporate risk registers are maintained.


In managing compliance, the role will be responsible for establishing, implementing and maintaining a compliance management framework along with identifying mechanisms for monitoring adherence to controls.


The role will manage the design, coordination, implementation and maintenance of a continuous improvement framework aimed at fostering a culture of improvement within the division. In addition, the role chairs and manages the appropriate continuous improvement forums and promotes awareness among all stakeholders and TAC/WorkSafe staff.


This position is responsible for ensuring that ITSS maintains adequate knowledge, control and ownership of IT security policies and mechanisms without heavy investment in dedicated and narrow internalised technical security expertise.


Whilst it will be essential that the incumbent possess and maintain a strong knowledge of IT security principles, industry best practice and associated technical mechanisms, the focus of the role is management, governance and co-ordination of security as well as consulting on security matters rather than implementation of technical security services and mechanisms.



Primary Responsibilities & Accountabilities



  1. Ongoing development and maintenance (in some cases through external service provision) of IT security policies, guidance material and security response plans relevant to WorkSafe/TAC and in accordance with industry standards or best practice.

  2. Ensure that processes and mechanisms are in place to monitor or enforce compliance with security policy and to address instances of non-compliance.

  3. Manage the socialisation of WorkSafe/TAC security policy through education, awareness campaigns, preparation and presentation of guidance notes, accessibility of policy material etc.

  4. Manage the interactions between ITSS and WorkSafe/TAC corporate security, audit and risk management services.

  5. Manage the provision of security services (including regular audits and security tests) by external providers to ensure that they are accurate, meet requirements and service levels, and provide good value.

  6. Establish and manage a governance framework which ensures that all IT changes (including development or procurement of new solutions and security administrative process change) are properly assessed for risk and are treated for security accordingly.

  7. Be the authoritative reference point for all matters relating to IT risk management and security. Advise decisions on security and contribute to IT strategic forums.

  8. Maintain a strong understanding of current industry directions and best practice relating to security, risk management and regulatory compliance by attending industry forums, participating in Whole of Victorian Government forums, participating in communities of interest etc.


Key Relationships


GM Operational Delivery – management of operational security services, including user registration, monitoring of security events etc.

All people within ITSS – this role will deal with all people in ITSS in relation to the socialisation/implementation/compliance with security policies, risk mitigation, coordination of audit related activities etc.

Strategy, Planning and Architecture group – development and interpretation of security related strategies.

Internal Audit and other WorkSafe/TAC security and risk management bodies – management and reporting of risk matters and response to security issues raised and verification of security treatments planned.

Users of WorkSafe/TAC IT systems – awareness, compliance

WorkSafe/TAC Legal Services team – validation of security, privacy and regulatory compliance treatments

External security service providers – maintenance of services and service levels, security reporting.

Industry analysts, professional societies and WoVG interest/focus groups relating to security, privacy, risk management and regulatory compliance – assessment of contemporary and relevant methods for security management, peer networking.


Competencies & Behaviours


Competency (columns 1 to 5)

Conceptual Thinking
  1. Draws on past experience
  2. Makes connections
  3. Applies conceptual frameworks
  4. Simplifies complex ideas
  5. Creates new ideas and concepts

Contributing Expertise
  1. Keeps skills up to date
  2. Serves as a practical resource to others
  3. Contributes to others' knowledge and development
  4. Provides expert advice
  5. Recognised as an industry expert in discipline

Driving Improvement Initiatives
  1. Uses initiative
  2. Identifies improvements
  3. Makes specific changes to improve performance
  4. Uses analysis to determine improvement
  5. Develops and implements improvement initiatives

Facilitates Outcomes
  1. Presents information
  2. Puts forward rational argument
  3. Facilitates discussion to achieve outcome
  4. Utilises a “win-win” approach to presenting a case
  5. Develops cooperation and builds alignment

Information Gathering
  1. Asks questions
  2. Explores anomalies
  3. Seeks to uncover the facts
  4. Undertakes systematic research or investigation
  5. Uses own research systems

Stakeholder Support and Service
  1. Follows up
  2. Listens, interprets and establishes needs
  3. Tailors response and ensures understanding
  4. Acts to resolve needs
  5. Acts proactively to resolve issues

Tactical and Analytical Thinking
  1. Organises information
  2. Sees interdependencies and sets priorities
  3. Undertakes analysis to support the business
  4. Systematically analyses and plans to achieve outcomes
  5. Undertakes very complex planning or problem solving

Working in a Team
  1. Acts cooperatively within their team
  2. Actively seeks input from others
  3. Seeks to understand the needs of other teams
  4. Promotes cross functional teamwork
  5. Aligns actions to organisational goals


Essential Skills, Education levels & Experience



  • Strong background in broad IT security related discipline in a complex technology environment similar to TAC/WorkSafe.

  • Preference for CISSP certification or equivalent/similar industry certification/s.

  • Technical knowledge and expertise in Risk & Compliance management.

  • Demonstrated ability to liaise with external and internal stakeholders, providing excellent customer service.

  • Strong communication and documentation skills.

  • Strong understanding of contemporary security treatments.

  • Strong influencing and interpersonal skills.

  • Strong organisational and activity management skills.

  • Experience in dealing with external provision of security services.

  • Ability to work independently and also to work as part of a team.

  • Strong investigative skills.

  • Very high levels of personal integrity.

  • Good knowledge of the regulatory compliance landscape.


Position Parameters



Not Applicable


