Engineering Consultant Audit Analytics Security Risk Management
Purpose To enable the business in changing IT systems and pursuing opportunities in a secure way; through enforcement of security policies and by designing solutions that protect business value from security risks, threats and vulnerabilities. To outline the core principals, conceptual and logical security models and controls for designing a secure system solution that protects business value and ensures the solution is designed within the NAB risk appetite. To consult and help the business, project and technical practitioners avoid missing critical security concerns. To influence senior management and project leaders, in order to update the solution requirements to reflect the need for security Key Decisions - Determining if solutions are in line with Group Information Risk Policy - Determining appropriate security controls to address risks - Managing technical deviations/significant risks and provide recommendations for alternative solutions and/or compensating controls to reduce impacts. Key Accountabilities - Providing security consultancy to enable the Business and Project teams to understand impacts from proposed system changes and solutions. Includes handing difficult conversations and influencing colleagues to manage the solution requirements and reflect the need for security. - Analysing the non-normative flows through systems, applications and proposed solutions to identify risks, security threats and vulnerabilities in order to identify required security control components and countermeasures. - Contribute with Senior Security Architects towards significant architectural decisions with senior management, sponsors and projects to ensure secure outcomes and appropriate governance practices are adhered to, including notifications to Technology Architecture Forums. - Leveraging and updating existing control reference patterns and developing new patterns to outline integration approaches, use-cases, re-use, and technical reference for Enterprise security capabilities. - Proactively managing risk and assurance requirements when developing designs that change risk posture within agreed Risk Appetite and ensure compliance.
Essential capabilities (core) - Decision Quality, Strategic Mindset, Situational Adaptability, Self-awareness, Excellent English Communicator, Accountability. - 5+ years experience in the Technology industry AND - 3+ years experience in information security. Domains / Roles of experience can include, but is not limited to: • Security Risk Management, • GRC, • Security Audit, • Security Analyst, • Security and/or Risk Consulting. - Degree in Computer Science / information systems or equivalent technical qualification Other capabilities (technical) - Proven experience with strong business engagement, influencing skills with the ability to navigate complex topics with fact-based analysis. - Understand the trade-offs involved in security change while simultaneously delivering technical capability & business benefit. Requires commercial acumen, business alignment and ability to negotiate.
- Competitive salary, health insurance covered for employee and dependents - Working on international projects. Professional and dynamic working environment - Achieving valuable experience with variety projects, new technologies and hundreds of talents - Receiving training opportunities, including many technical seminars and soft skill training courses - Good opportunity for promotion through the regular performance review system. - Full social insurance - 13th-month salary - AL: 15 days - Working devices provided
Chat/Apply
