Description:
ASX: Powering Australia's financial markets
Why join the ASX?
When you join ASX, you’re joining a company with a strong purpose – to power a stronger economic future by enabling a fair and dynamic marketplace for all.
In your new role, you’ll be part of a leading global securities exchange with a strong brand. We are known for being a trusted market operator and an exciting data hub.
Want to know why we are a great place to work? Click on the link to learn more.
www.asx.com.au/about/careers/a-great-place-to-work
We are more than a securities exchange!
The ASX team brings together talented people from a diverse range of disciplines.
We run critical market infrastructure, with 1 in 3 people employed within technology. Yet we have a unique complexity of roles across a range of disciplines such as operations, program delivery, financial products, investor engagement, risk and compliance.
We’re proud of the diversity of our organisation and the culture of inclusion that all our people help to build every day. Our employee-led groups are known for celebrating cultural and religious events, championing LGBTIQ+ inclusion (recently achieving AWEI Bronze), inspiring giving and volunteering, promoting gender equality, and wellbeing. We are an Employer of Choice for Gender Equality (WGEA) and a member of the Champions of Change Coalition for the advancement of gender equality in Australia.
The Security Architecture and Assurance function sits within the broader Technology Security and Governance team and ensures that new systems delivered by ASX are secure by design and security assurance activities are effective in validating expected security posture.
The Senior Security Specialist role will be focussed on providing security assurance and advice to the ASX’s Digital, Technology Infrastructure and Cyber divisions. The role is expected to be the trusted advisor for the consulted divisions and effectively an extension of the Cyber team in the consulted areas.
This role will also be involved in other aspects of the Security Architecture and Assurance team’s work. The role will interact with stakeholders at all levels of the organisation – including representatives from technology, cyber, devops, project and business teams. The role requires mature understanding of security architecture, technical security knowledge, influencing skills, ability to operate autonomously, as well as good communication skills to clearly translate security findings into business risks.
What you’ll do:
- Define, manage and deliver the security assurance program for various ASX business projects
- Act as the security champion and face of cyber security for business projects. Work with project teams on defining project security requirements, making sure these are well understood by stakeholders, tracking the implementation of requirements and alignment with the ASX Security Policy Framework. Provide security controls implementation guidance and patterns.
- Work with respective project architects and designers to ensure security requirements are embedded in system architecture documents and component designs in a traceable way. Ensure security documentation is maintained up to date and holds up to external audit standards.
- Provide security assurance around implemented security requirements. Assess risk around any exceptions.
- Provide guidance around regulatory and any security certification requirements (e.g. FSS, ISO 27001, ASAE3402, SOC-2 if required)
- Coordinate external security review and penetration testing activities
- Work cross-team in relation to bringing in and establishing new security capabilities
- Contribute to security policy and standards maintenance and updates
- Contribute in creating security architecture and design/implementation patterns
- Review and approve firewall requests in alignment with ASX Network Security Policy
- Collaborate with other security teams on projects and cyber initiatives delivery
- Mentoring and propagating positive security culture within the organisation
- Facilitate cyber risk workshops, threat assessments and table top exercises
- Produce security reports, risk assessments and analysis
- Conduct security posture assessment of 3rd parties in relation to supported projects
- Evaluate, assess and recommend security tools and products
- Liaise with internal and external auditors as required
What you’ve done:
- 5 years’ experience in security consulting/assurance/testing/design/architecture role
- Technical knowledge in core domains of infrastructure security, web applications security, cyber tooling and cloud hosted environments (focus on AWS, M365) and SaaS security
- Experience in working with results of security tests and reviews including prioritising findings and explaining security risk to business stakeholders
- Managed penetration testing and red teams conducted by third parties
- Experience in development of vulnerability mitigation plans
- Performed security risk assessments
- Developed security related documentation (policies, procedures, standards)
- Experience in cloud based technologies and associated better practices and security controls
- Experience in creating security architecture patterns
- Exposure to security design as it relates to cloud and on-prem environments
- Exposure to industry standard security frameworks and good practice guidelines (e.g. FSS, NIST, ASD E8, CIS, SOC-2)
- Achieved security certifications (e.g. CISSP, CISM, Cloud)
And if you’ve got some of this, even better:
- Experience in securing real time latency sensitive systems within the financial sector.
- Experience in working with large projects
- Understanding of current Australian regulatory environment (as it relates to financial services / clearing and settlement providers)
- Experience with identity management systems and protocols such as SAML/OAuth/OIDC
- Designed and implemented DevSecOps workflows, processes and tools aligned with better security practices
- IT degree with a focus on IT Security
What you need to enjoy and be good at for this role:
- Being able to switch context often across varied tasks
- Great negotiator enjoying getting mutually acceptable outcomes, while clearly asserting non-negotiables
- Strong stakeholder management ability, maintaining relationships with internal and external clients
- Ability to take ownership of issues and drive them through to closure
- Ability to both look at the bigger picture and dive into the details
- Excellent written and verbal communication skills
- Continuous improvement mindset
- Strong risk focus in an environment where there is no room for compromising on process and control effectiveness
We make hiring decisions based on your skills, capabilities and experience, and how you’ll help us to live our values. We encourage you to apply even if you don’t meet all the criteria of this role. If you need any adjustments during the application or interview process to help you present your best self, please let us know.
At ASX Group, our diverse workforce is essential to build and maintain a fair and dynamic marketplace. We support flexible working and offer hybrid working options. Even if our roles are advertised as full-time, we encourage you to apply if you are interested in part-time or other flexible working arrangements.
We will arrange for successful candidates to have background checks, including reference and police checks completed as part of the on-boarding process.