Security Specialist - Threat Risk Assessment

Requirements:

• Strong understanding and expertise in security architecture.
• Experience in applying Cyber Security methodologies and tools to define scope, identify critical assets, and conduct security assessments such as TRA.
• Ability to plan and facilitate Threat Risk Assessments and workshops with clients.
• Knowledge of HTRA or equivalent methodologies, and techniques to secure information assets.
• Proven ability to identify security gaps and weaknesses, and recommend mitigation strategies.
• Understanding of relevant legislation (e.g., Privacy Act), security technologies, and audit procedures.
• Experience in developing enterprise architecture models and providing security support.
• Experience establishing secure environments at various system levels and with complex systems.
• Ability to analyze security issues and produce reports within timelines.
• Experience in defining security requirements for procurement and assessing risks across diverse environments.
• Awareness of emerging IT security trends.
• Strong analytical, communication, and interpersonal skills; proven team player.

Desirable Skills:

• Experience in enterprise architecture, information management, and disaster recovery planning.
• Proficiency in threat and risk assessment, PKI, intrusion detection, malware mitigation, vulnerability analysis, and penetration testing.
• Knowledge of network monitoring, security policies, forensic investigation, and security education.

Cyber Risk Assessment - 40%:

• Understanding of threat modeling, risk assessment methodologies, and risk management frameworks like NIST SP 800-30.
• Ability to identify vulnerabilities and assess impacts on organizational assets.
• Proficiency with cybersecurity tools for vulnerability scanning and risk analysis.
• Knowledge of relevant laws and standards such as GDPR, HIPAA, ISO 27001.

Cyber Security Architecture - 40%:

• Expertise in designing secure network architectures, including firewalls, IDS/IPS, VPNs.
• Knowledge of cloud security, encryption, authentication, and access controls.
• Familiarity with security protocols (TLS, SSL, IPsec) and incident response planning.
• Understanding of industry frameworks like NIST and CIS Controls.

Executive IT Communication - 20%:

• Ability to communicate complex technical information clearly to non-technical stakeholders.
• Proficiency in creating presentations and reports.
• Skills in stakeholder engagement and relationship building with leadership and board members.