At Uniting we believe in taking real steps to make the world a better place. We work to inspire people, enliven communities, and confront injustice. Our focus is always on the people we serve.

We are bold, imaginative, respectful, and compassionate.

About the Role:

This role is responsible for ensuring that Uniting has the right level of security controls in place to remediate Uniting’s audit, risk and issue, and compliance requirements. This role is also responsible for ensuring that these controls are designed and operated effectively. 

Your key relationships:

Internal:

• IT Service Desk and Infrastructure support teams and the wider Technology team
• Security Programme Team
• Uniting Risk and Audit team
• Business Unit leaders and staff

External:

• Managed Security Services Providers
• Security Consulting, Audit and Assessment Providers

Responsibilities and accountabilities:

You will be an integral member of the Security team in the Technology Department through the following:

• Implement and maintain Uniting’s security strategy and roadmap.
• Identify security threats, risks and vulnerabilities and ensure the remediation of these is included in the security programme.
• Implement security initiatives to improve Uniting’s security control environment.
• Perform security risk assessments of new and existing systems including the recommendation of mitigation strategies and designing practical business processes and technical solutions.
• Manage external security providers.
• Maintain Uniting’s security risk register, and security exemptions register, ensuring all risks and exemptions are current, relevant, appropriate and approved.
• Monitor the effectiveness of implemented controls to maintain compliance with Uniting’s risk appetite and security policies.

 These Role accountabilities align with the following skills from the Skills Framework for the Information Age (SFIA):

• Information Security (SCTY) – level 5
• Security Administration (SCAD) – level 5
• Incident Management (USUP) – level 4
• Information Assurance (INAS) – level 5
• Specialist Advise (TECH) – level 4 in Information Security
• Business Risk Management (BURM) – level 5

 You will have the ability to:

• Investigate and remediate security incidents and breaches using the agreed Incident Response procedures.
• Monitor compliance with Uniting policies and procedures and investigate, assess and resolve incidents of non-compliance.
• Ensure all systems changes being planned meet or exceed Uniting’s security requirements.
• Actively manage Uniting’s Managed Security Service Providers (MSSP) to ensure they meet their agreed deliverables and service levels and review monthly reports.
• Update and maintain Uniting’s policies to ensure they are current, relevant, ISO27k compliant and understandable.
• Provide both technical and non-technical advice on Security to internal and external stakeholders.
• Advise internal teams and third-party providers on security control requirements and improvements required.

 What is in it for you?

You will be part of a fun and friendly supportive team, feel valued and work in a fast-paced environment for a progressive organisation.  Uniting is a phase of growth and transformation; the latter may lead to opportunity to grow with us! Salary packaging option and a level of flexibility is offered.

Employment with Uniting is subject to satisfactory background checks which may include a national Police check, working with children check, working with vulnerable people check and reference checks.

Uniting is proud to be an EEO employer. Uniting supports an inclusive approach in the workplace. We celebrate our diversity and welcome staff regardless of ethnicity, faith, sexual orientation, gender identity, and lifestyle choices. Aboriginal and Torres Strait Islander people are encouraged to apply.