Information Security Specialist

Role: Information Security SpecialistLocation: Sydney CBD, hybrid working options availableGrade: Clerk Grade 7/8Salary Range: $113,574 - $125,720 + Super Employment Type: Temporary, full time position until December 2026 This role sits within Government Technology Platforms (GTP) within Digital NSW. This is an exciting opportunity to perform Security Risk Assessments on new and existing applications and solutions delivered to the whole of NSW government. The role will operate and further improve the Security Risk Assessment framework and processes used to assess all solutions within Government Technology Platforms. This is a holistic assessment, considering not only technical controls, but also supporting compliance and governance processes and contractual relationships with third parties. You have an understanding in performing risk assessments of new solutions and can provide guidance to stakeholders in line with industry best practices, internal policies, and standards. On a day-to-day basis you enjoy working and collaborating with different product teams to ensure security is appropriately considered during the design, build and delivery of customer centric solutions. Designing and improving processes is considered a strength of yours. You enjoy stepping outside of your comfort zone and increasing your skillset. Responsibilities Collaborating with Product Owners to understand their proposed solution design, integrations, and data flows. These solutions may comprise of a combination of in-house designed web applications, vendor XaaS products, and other associated components. Providing technical security guidance in line with industry frameworks and standards including NIST, CIS, OWASP, SABSA, COBIT and/or TOGAF. Ensuring that any solution complies with internal policies, standards and compliance procedures. Coordinating penetration tests with an external provider, aiding internal technical teams with interpreting results and making suggestions for potential remediation. Work with stakeholders to assign risk ratings for assessment findings in line with risk management framework; and helping to navigate these risks through remediation and risk acceptance processes. Providing support in leading the maturity of the security risk assessment process, including the advanced adoption of application security testing methodologies (such as SAST, SCA, DAST and/or IAST) in the software development lifecycle for a robust DevSecOps, improvement of templates and documentation. Note that this is not a hands‑on technical role, but you will be required to use your technical security knowledge to ensure that solutions are appropriately assessed and are compliant before go‑live. Qualifications Proven track record performing security risk assessments for solutions. (mandatory) Strong understanding of web applications, APIs and their vulnerabilities. Knowledge and understanding of relevant industry standards and frameworks which may include OWASP, NIST, CIS, SABSA, COBIT, TOGAF and ISO-27000 series. Good stakeholder engagement and communication skills – the candidate should demonstrate ability to consult, facilitate and adapt the engagement approach to cater to a diverse range of stakeholders. Understanding of Cloud technology and compliance (As‑a‑Service). Understanding of communication, network & security protocols, cryptography, authentication & authorisation, certificate management, Identity & Access Management and threat modelling. One or more certifications related to the above-mentioned criteria would be viewed favourably, although are not mandatory. Examples may include: CompTIA Security+, CISA, CRISC, CISM, CISSP, ISO27001 LA/LI, AWS/Azure Security. AI Statement The NSW Government is committed to ensuring the safe, ethical and responsible deployment of AI across NSW. Please review the NSW Government Generative AI basic guidance here: GTP embraces the use of AI to enhance productivity and creativity. In the Assignment to Role process, AI tools should be used solely for drafting and planning purposes; final submitted applications need to be your own work and reflective of your personal experience. Looking for more information? Reach out to the GTP recruitment team: To Apply Click the link to submit your application. Please attach your resume and a cover letter, demonstrating how your skills and experience align with the role. Please Note: The application portal will be unavailable from 24/12/25 to 25/12/25 due to system maintenance. Applications during this period will not be received. Please apply prior to midnight 23/12/25 or from 26/12/25 until the closing date. Closing Date: 18 January 2026, 9:59am The Department of Customer Service (DCS) is an equal opportunity employer and welcomes diverse applicants. We strive to create an inclusive workforce where different backgrounds and perspectives contribute to our success. #J-18808-Ljbffr