Security Assurance Manager

The Security Assurance Manager is a security policy practitioner who oversees and administers the security assurance function, ensuring effective implementation and administration of security policies, procedures and technical controls to improve the Bureau's security maturity posture. This role supports the Bureau to comply with its Australian Government security obligations with Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) through security assurance review, audits, governance and process uplift. The role will provide advice to senior business stakeholders and government service providers on compliance, technical controls and implementing policies, procedures, processes, and guidelines. The Security Assurance Manager is a trusted adviser and key subject matter expert in compliance to security frameworks, policy and procedures. The role will build a security assurance capability including framework and processes and provide expert knowledge across all areas of protective and cyber security – governance, personnel, information and physical to ensure compliance with obligations. Reporting to the Security Program Lead, the role works closely across all functions within the Security Program. Key Duties Build and manage the security assurance function through development of a security assurance framework and supporting review and auditing processes Provide security assurance and compliance guidance as subject matter expert to support the Security Program across all areas of security – governance, risk, information, technology, personnel and physical. Oversee and manage the Bureau's response to the annual PSPF Self‑assessment and ASD Cyber Survey, including setting up processes to support and streamline annual reporting with stakeholders. Provide guidance to design, support and implement measures and reviews that will build and mature security compliance across all domains and enhance a security culture, within the Bureau. Project oversight of the Protective Security Implementation Plan deliverables, Essential 8 Cyber Improvement Plan deliverables and other uplift plans from security agency partners to ensure delivering on key outcomes Oversee management of internal and external audit reporting relating to security, including implementation of any security governance and assurance recommendations and/or actions. Ensure effective implementation and delivery of the Bureau's security strategic agenda, roadmap, policy, procedures, process, risk mitigation strategies and operations. Oversee and manage any security project implementation, including stakeholder engagement and delivery management, reporting, status updates and reporting to governance bodies and executive. Identify and manage opportunities for uplift activities from vulnerability reports and IT controls assurance with stakeholders to improve cyber hygiene across the organisation Engage with and work collaboratively with stakeholders across the Bureau, in relation to security assurance obligations, e.g. PSPF and ASD Cyber Survey (Essential Eight). Commitment to APS Values, Employment Principles, Code of Conduct, and the Bureau's Social Justice Strategy. Provide timely, comprehensive and accurate information and reporting to the Security Program Lead and team in both written and verbal communications. Undertake other tasks as directed. Comply with all Bureau work, health and safety policies and procedures, and take reasonable care for your own health and safety and that of employees, contractors and visitors who may be affected by your conduct. About the Bureau of Meteorology The Bureau of Meteorology is one of the few organisations that touches the lives of all Australians and all Australia, every day. The Bureau works across Australia and remote islands, providing services from the Antarctic to beyond the equator, and from the Indian Ocean to the Pacific. We are Australia's national weather, climate and water agency, in the Agriculture, Water and Environment portfolio of the Australian Government, operating under the authority of the Meteorology Act 1955 and the Water Act 2007. We provide data, information, knowledge, insight and wisdom to help Australians prepare and respond to the realities of their natural environment, including droughts, floods, fires, storms, tsunami and tropical cyclones. Our products and services include observations, forecasts, analysis and advice covering Australia's atmosphere, water, oceans and space environments. We undertake focused scientific research in support of our operations and services. Through regular forecasts, warnings, monitoring and advice, we provide one of Australia's most fundamental and widely used public services. We have strong relationships with our customers, partners and stakeholders in Australia, including the Australian Community and the emergency services sectors, all-levels of Government, and focus sectors including aviation, agriculture, energy and resources, national security and water. #J-18808-Ljbffr