Principal Technologist (Cyber & Information Security)
Posted yesterday
$120,000 - $140,000
Location: Fortitude Valley, QLD, 4006
Work Type: Full Time
Work Setting: Mixed (Both In Office + Remote)
Job Description
About QCIF
QCIF Ltd is a not-for-profit organisation dedicated to research excellence and catalysing innovation through cutting-edge data and digital infrastructure and enterprise solutions. We support researchers across Australia with expertise and training in AI, informatics, statistics, advanced computing, and software development.
As an NCRIS node, we play a key role in national platforms such as the Australian BioCommons and the ARDC's Nectar Research Cloud.
QCIF is a project partner to researchers and clients in delivering excellence and impact. Our flexible engagement models, ranging from embedded staff to tailored support packages, offer expertise in grant preparation, research design, and beyond.
About you
You are a highly experienced and passionate information security and cybersecurity professional, having deployed your know-how within the higher education and research sector. You appreciate the ethos of maximising safe and secure access to data in promoting research collaboration. You bring a strategic mindset to security planning, along with hands-on expertise in managing security frameworks, compliance requirements and working with diverse teams and stakeholders. You are able to provide hands-on, expert technical guidance to ensure that all systems, services, and products adhere to established security compliance standards and regulatory requirements.
Your communication skills enable you to engage confidently with both technical and executive stakeholders, leveraging your appreciation of the nuances of contemporary research methods and rapidly evolving technologies. You thrive in a dynamic environment and are committed to safeguarding digital assets while fostering a culture of security awareness.
You are an Australian citizen or permanent resident.
Duties
- Provide considered and well-informed information security and cybersecurity leadership, advice, and guidance across QCIF, ensuring compliance with standards, regulations, and legislation to protect digital assets and information.
- Expand QCIF's existing information security and cybersecurity framework, policies, processes, and procedures.
- Ensure implementation and consistent application of information security and cybersecurity policies and standards across QCIF.
- Expand QCIF's existing risk management framework, policies, processes, and procedures.
- Lead and ensure implementation and consistent application of risk management practices across QCIF.
- Conduct security risk assessments and develop and implement remediation plans.
- Lead the development of monitoring, threat detection, and alerting capabilities across QCIF's environments.
- Lead the identification, evaluation, investigation, and containment of information security and cybersecurity incidents, performing stakeholder communications and engagement, post-incident reviews, and ensuring lessons learnt are applied.
- Coordinate, develop, and ensure continual delivery of information security and cybersecurity awareness training programs for QCIF employees, contractors, secondees, and clients.
- Monitor the external threat environment and advise on emerging threats.
- Collaborate with product and technology teams to embed security-by-design in the software development lifecycle.
- Coordinate penetration and break-out testing of specific applications and environments.
- Assist the development, management, and testing of disaster recovery and business continuity plans.
- Use safe manual handling techniques and practise safe work habits in line with QCIF Policies.
- Wear protective clothing provided where necessary and take a consultative role in assisting and maintaining a clean, tidy work area and a healthy and safe working environment.
- Report any health or safety hazards, faults, repairs, broken or damaged company property, cleaning needs and accidents immediately.
- Ensure all equipment is kept in good working order and used only for the purpose for which it was intended.
- Consult with employees on health and safety matters that impact them.
- Be fully conversant with emergency procedures.
- Acquire and maintain proficiency with Microsoft Office Suite.
Required Skills and Experience
- Minimum of a Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum 8 years of experience in IT operations and/or information/cybersecurity.
- At least 3 years' experience applying cyber and information security know-how in higher education/research.
- Expert knowledge of information security standards and their application.
- Demonstrated expertise in ISO 27001 standards implementation and compliance.
- Proven experience in leading information security and cybersecurity governance and initiatives, and capable of providing high-level advice to executive management.
- Proven experience in incident response, threat detection, and security monitoring in complex environments.
- Excellent communication skills.
- Relevant cybersecurity certifications are preferred but not essential for this role.