IT Security Analyst - Assurance
Location: Sydney, Brisbane, Melbourne
Contract Type: 12 month Fixed Term Contract (up to 24 months)
MinterEllison is one of Australia’s largest independent law and consulting firms. With a heritage of almost 200 years, we are known for our excellence, and our authentic and enduring relationships with our clients, our people and our communities. Clients seek out MinterEllison to help them solve complex problems every day. We do this through our full-service legal offering and complementary consulting offering.
We offer opportunities to work on industry-leading mandates for top-tier clients, while being part of a high-performing and collaborative team that values excellence, diversity of thought, curiosity, and inclusion. We value our people and empower them to achieve their ambitions - with the support, trust and autonomy to grow their careers in meaningful ways.
We support sustainable ways of working regarding how, when and where you work and offer a wide range of social, financial and health benefits (see www.minterellison.com/-/media//Minter-Ellison/Files/Careers/MinterEllison-Employee-Benefits-2024.ashx)
Your Role
Our IT Security team is currently looking for an IT Security Analyst to manage and maintain compliance coordination activities under our assurance practice. The assurance practice covers client questionnaires, supply chain security, pen testing, user awareness and compliance with various security standards. This is an internal role reporting into the IT Security GRC Manager and may include occasional travel to other MinterEllison offices. The role is supported by and works closely with the broader IT security team, the Business Hub for questionnaire coordination, the IT project management office, the IT Procurement practice and multiple managed services providers.
You will have at least 2 years' experience in an information systems environment and a background in information technology. You will have a good understanding of security software and platforms, and security principles, standards and procedures. You are motivated and excited to inspire people at all levels of the business to implement and uphold information security best practices and standards.
More About You
In this role you will have the opportunity to:
- Respond to client questionnaires, audits, security program enquiries, and RFPs on any cybersecurity enquiries
- Build and maintain an ongoing relationship with our external clients' security teams
- Perform supply chain security reviews including annual reviews and keep the risk register up to date
- Support the cyber risk management lifecycle for new and existing systems and applications
- Contribute to the IT Security awareness program (email newsletters, monthly awareness, ad hoc alerts) and coordinate with the broader IT training and Talent training teams
- Assist with maintaining MinterEllison's compliance program (including ISO27001, SSAE16, ASD E8, NIST, CPS 234), risks and any remediation. Work with internal and external auditors to schedule and respond to ISO audits
- Maintain the MinterEllison Security Trust Centre with regular updates on IT security policies, procedures, and other information about the security program
- Run quarterly audits on key stats such as privileged access, user access, mobile device compliance, asset inventory etc.
- Assist with IT security operations on any security incidents during and, if required, after business hours
- Be up-to-date with information security best practices and industry trends for security solutions and standards
Knowledge, Skills and Experience:
- At least 2 years' experience in information systems/ cyber security environment and a background in information technology.
- Expert level skill in coordinating tasks, organising activities and maintaining a program on schedule.
- Demonstrated experience in writing high quality executive reports/briefings
- Excellent knowledge of information security principles, standards and frameworks such as ISO27001, SSAE16, APRA CPS234, ASD Essential 8. Familiarity with NIST v2.0.
- Experience in running internal IT audits/assessments on policy compliance
- Experience in running supplier assessments and making recommendations from the response
- Must have an agile mindset: incremental delivery over perfection and a willingness to try new approaches to a problem
- Ability to manage projects and tasks independently with little supervision
- Relevant security training/certifications are not mandatory but will be highly desirable
How to apply
We encourage applications from people of all ages, abilities, cultural backgrounds, genders (including trans or gender diverse), LGBTQ+ people and those with carer responsibilities. We particularly encourage Aboriginal and Torres Strait Islander people to apply.
We prefer to connect with people directly, so please submit your CV by clicking on the 'Apply' button. We encourage all applications, including if you do not meet all the criteria listed for the role. Your application will also enable us to consider you for other opportunities that may be available at MinterEllison.
If you are currently a MinterEllison employee, please apply through the internal careers page.
If you would like further information, require any adjustments throughout the recruitment process or for a confidential discussion, please contact Miriam.Harner@minterellison.com.