Information Security Analyst

Information Security Analyst

Vocus Group | sydney, NSW, AU

Posted 7 days ago

Apply Now


What’s the opportunity?
The role requires to analyse and review the security risks associated with Vocus Applications & Cloud hosting environments. The information security analyst will help to enforce the best security practice from various industry defined security standards such as ISO 27001, PCI DSS, ISM, etc.
The role can be based in Melbourne, Sydney or Perth. 
What you’ll be doing in the role:
  • Proactively conduct security risk analysis on Vocus Applications & Cloud systems, identify security vulnerability/weaknesses, evaluate countermeasures, and recommend best security practices to mitigate the vulnerabilities and the associated risks
  • Security review of SaaS, PaaS, and IaaS services of Vocus, based on the CSA CSM matrix and cloud security best practices
  • Review the results and coordinate remediation activities of the penetration test findings as conducted by the external pen testers on Vocus Web Applications and Api’s
  • Participate and recommend security controls for Applications & Cloud related projects in Vocus
  • Develop and maintain regular information security reports for managers and team
  • Assist the Information Security Manager with continuous review and ensuring compliance to security standards and policy
  • Problem Solving, Multitasking and business relationship skills

  • What you will need to be successful in a team like this:

  • You have the full rights to work in Australia. You are an Australian citizen or a Permanent Resident 
  • The candidate should have minimum 2 years of experience in a similar role with a service provider organisation
  • Tertiary qualification in IT, Computer Science, or a related discipline desirable with experience working in large, distributed enterprise environments
  • Good understanding of Cloud based hosting models i.e., SaaS, PaaS, and IaaS
  • Good understanding of application development and integration lifecycle based on the CI/CD pipeline and the associated risks at each phase
  • Understanding of the Industry recognized Cloud hosting platforms e.g., AWS
  • Understanding of security technologies such as WAF, SAML, SIEM, CASB
  • Understanding of security standards such as OWASP, ISO27001, ISO 31000, PCI-DSS, ASD Essential 8, TSSR
  • Strong report writing Skills and in presenting the technical information to development and management teams
  • General Industry Security Certifications such as ITIL, CCSK, CEH, CISSP etc. desirable
  • Knowledge and expertise in the Governance, Risk Management of technical services
  • Ability to build strong relationships and maintain a rapport with supporting colleagues/team members, internal Vocus stakeholders, and 3rd party service providers
  • Ability to quickly learn new skills and adapt to a new environment
  • Good communication skills both written and verbal with demonstrated ability to engage business and technology teams
  • Experience with national and virtual teams
  • General Industry Security Certifications such as CISSP, CCSK, CCSP, CEH, ITIL, or vendor relevant certifications desirable

  • In return Vocus commit to a fast paced and fun workplace that is committed to career development opportunities within the company nationally and across different areas.
    We have the best employee benefits such as Internet discounts, the ability to purchase leave, anniversary leave, awesome parental leave benefits. We work in a hybrid environment of 2 days in our Vocus offices and work from home 3 days each week.
    Best of all we believe in flexibility and fitting your job into your life - Vocus is quite simply just a great place to work!