Add to collection(s) Add to saved
  1. No category
Uploaded by Srajit Saxena

Role Description - Information Security Analyst

advertisement 
Role Description
Information Security Analyst
Cluster
Stronger Communities
Agency
Office of Sport
Division/Branch/Unit
Office of the Chief Executive / Finance, Procurement and IM&T
Role number
51000058
Classification/Grade/Band
Clerk Grade 7/8
ANZSCO Code
313112
PCAT Code
1126092
Date of Approval
October 2020
Agency Website
www.sport.nsw.gov.au
Agency overview
The Office of Sport is the lead NSW Government agency for sport and active recreation.
With a vision of sport and active recreation creating healthier people, connecting communities and making a
stronger NSW, we provide the people of NSW with the leadership, policies, programs, funding and
infrastructure necessary to maximise the social, health and economic benefits realised through this valued
sector.
Our work is spread across NSW, with ten Sport and Recreation Centres, four Olympic Sport Venues and
offices throughout the state.
Primary purpose of the role
The Information Security Analyst provides technical support and advice to users across multiple locations,
platforms and technologies and is responsible for the design and implementation of the PC standard operating
environment, end user device security. The role is also responsible for assisting with the protection of data,
information security engineering and the implementation and monitoring of compliance with information
security policies and procedures.
Key accountabilities
•
•
•
•
Manage the desktop SOE design, deployment, and maintenance of information systems across
multiple sites
Manage set-up activities, application deployments and repackaging to comply with operational
requirement for service delivery
Provide advice and recommendations as the subject matter expert on SOE design and technical
support
Analyse and report on the performance of assigned systems and applications to guide owners in the
development of business cases for necessary upgrades or decisions that will reduce issues and/or
eliminate adverse impacts upon service delivery
1
•
•
Manage configuration and security policies for mobile device management, remote working and end
user device security
Manage application deployments and repackaging to comply with operational requirements for service
delivery
Key challenges
•
•
Develop and maintain detailed knowledge of multiple, complex platforms and technologies to enable
effective integration and utilisation of enterprise applications and services
Balance the strategic aspects of the role with day to day management and operational demands
Key relationships
Who
Why
Internal
Senior Information Security Officer
•
Escalate issues, keep informed, advise and receive instructions
Work team
•
Support team, work collaboratively with other areas within the IMT team
to contribute to achieving the team’s overall business outcomes
Participate in meetings to represent work group perspective and share
information
•
Clients/customers
•
•
•
Resolve issues and provide solutions to problems
Provide strategic advice for business improvement
Ensure compliance with agency and sector rules and standards
•
Develop and maintain effective relationships and open channels of
communication
Exchange information and respond to enquiries
External
Stakeholders
•
Role dimensions
Decision making
The Information Security Analyst has a limited level of autonomy regarding decision making required to
supervise the daily operations of the service desk.
Decisions on matters outside the Information Security Analyst’s accountabilities and on issues that are
contentious or sensitive and may impact on the reputation of the Agency are escalated to the Manager IMT
Service Delivery.
Reporting line
Senior Information Security Officer
Direct reports
Nil
Budget/Expenditure
Nil
Role Description Information Security Analyst
2
Key knowledge and experience
ITIL certification at least to Foundation level (ideally v3 2011)
Essential requirements
•
•
National Criminal Records Check
Current Class C Drivers Licence
Capabilities for the role
The NSW public sector capability framework describes the capabilities (knowledge, skills and abilities) needed to
perform a role. There are four main groups of capabilities: personal attributes, relationships, results and
business enablers, with a fifth people management group of capabilities for roles with managerial
responsibilities. These groups, combined with capabilities drawn from occupation-specific capability sets where
relevant, work together to provide an understanding of the capabilities needed for the role.
The capabilities are separated into focus capabilities and complementary capabilities.
Focus capabilities
Focus capabilities are the capabilities considered the most important for effective performance of the role.
These capabilities will be assessed at recruitment.
The focus capabilities for this role are shown below with a brief explanation of what each capability covers and
the indicators describing the types of behaviours expected at each level.
FOCUS CAPABILITIES
Capability
group/sets
Capability name
Behavioural indicators
Level
Display Resilience and
Courage
•
Intermediate
Be open and honest, prepared
to express your views, and
willing to accept and commit to
change
Communicate Effectively
•
•
•
•
•
•
Communicate clearly, actively
listen to others, and respond
with understanding and respect •
•
•
•
Role Description Information Security Analyst
Be flexible and adaptable and respond quickly
when situations change
Offer own opinion and raise challenging issues
Listen when ideas are challenged and respond
appropriately
Work through challenges
Remain calm and focused in challenging
situations
Tailor communication to diverse audiences
Adept
Clearly explain complex concepts and
arguments to individuals and groups
Create opportunities for others to be heard, listen
attentively and encourage them to express their
views
Share information across teams and units to
enable informed decision making
Write fluently in plain English and in a range of
styles and formats
Use contemporary communication channels to
share information, engage and interact with
diverse audiences
3
FOCUS CAPABILITIES
Capability
group/sets
Capability name
Behavioural indicators
Adept
Commit to Customer Service
•
Provide customer-focused
services in line with public sector
•
and organisational objectives
•
•
•
•
•
Deliver Results
•
•
Achieve results through the
efficient use of resources and a
commitment to quality outcomes •
•
•
•
Take responsibility for delivering high-quality
customer-focused services
Design processes and policies based on the
customer’s point of view and needs
Understand and measure what is important to
customers
Use data and information to monitor and improve
customer service delivery
Find opportunities to cooperate with internal and
external stakeholders to improve outcomes for
customers
Maintain relationships with key customers in
area of expertise
Connect and collaborate with relevant customers
within the community
Seek and apply specialist advice when required Intermediate
Complete work tasks within set budgets,
timeframes and standards
Take the initiative to progress and deliver own
work and that of the team or unit
Contribute to allocating responsibilities and
resources to ensure the team or unit achieves
goals
Identify any barriers to achieving results and
resolve these where possible
Proactively change or adjust plans when needed
Intermediate
Think and Solve Problems
Think, analyse and consider the •
broader context to develop
•
practical solutions
•
•
•
Technology
Understand and use available
technologies to maximise
efficiencies and effectiveness
Role Description Information Security Analyst
Level
•
•
•
Identify the facts and type of data needed to
understand a problem or explore an opportunity
Research and analyse information to make
recommendations based on relevant evidence
Identify issues that may hinder the completion of
tasks and find appropriate solutions
Be willing to seek input from others and share
own ideas to achieve best outcomes
Generate ideas and identify ways to improve
systems and processes to meet user needs
Identify opportunities to use a broad range of
technologies to collaborate
Monitor compliance with cyber security and the
use of technology policies
Identify ways to maximise the value of available
technology to achieve business strategies and
outcomes
4
Adept
FOCUS CAPABILITIES
Capability
group/sets
Capability name
Behavioural indicators
•
Level
Monitor compliance with the organisation’s
records, information and knowledge
management requirements
Complementary capabilities
Complementary capabilities are also identified from the Capability Framework and relevant occupation-specific
capability sets. They are important to identifying performance required for the role and development
opportunities.
Note: capabilities listed as ‘not essential’ for this role are not relevant for recruitment purposes however may be
relevant for future career development.
COMPLEMENTARY CAPABILITIES
Capability
group/sets
Capability name
Description
Level
Act with Integrity
Be ethical and professional, and uphold and promote
the public sector values
Show drive and motivation, an ability to self-reflect
and a commitment to learning
Demonstrate inclusive behaviour and show respect
for diverse backgrounds, experiences and
perspectives
Collaborate with others and value their contribution
Intermediate
Influence and Negotiate
Gain consensus and commitment from others, and
resolve issues and conflicts
Foundational
Plan and Prioritise
Plan to achieve priority outcomes and respond
flexibly to changing circumstances
Be proactive and responsible for own actions, and
adhere to legislation, policy and guidelines
Intermediate
Manage Self
Value Diversity and Inclusion
Work Collaboratively
Demonstrate Accountability
Finance
Procurement and Contract
Management
Project Management
Role Description Information Security Analyst
Intermediate
Foundational
Adept
Intermediate
Understand and apply financial processes to achieve Foundational
value for money and minimise financial risk
Understand and apply procurement processes to
Intermediate
ensure effective purchasing and contract
performance
Understand and apply effective planning,
Intermediate
coordination and control methods
5
Occupation / profession specific capabilities
Capability Set
Category, Sub-category and Skill
Level and Code
Service Management, Service Operation, Security Administration.
Level 5 – SCAD
Strategy & Architecture, Information Strategy, Information Security
Level 4 – SCTY
Delivery and Operation, Service Operation, Application Support
Level 3 – ASUP
Delivery and Operation, Service Operation, Incident Management
Level 3 – USUP
Occupation specific capability set (Skills Framework for the Information Age – SFIA)
Category and
Sub-Category
Level and Code
Level Descriptions
Development and
Level 4 HSIN
Implementation, Installation
and Integration, Systems
Installation/Decommissioning
Undertake routine installations and de-installations of items of
hardware and /or software. Takes action to ensure targets are
met within established safety and quality procedures, including,
where appropriate, handover to the client. Conducts tests of
hardware and/or software using supplied test procedures and
diagnostic tools. Corrects malfunctions, calling on other
experienced colleagues and external resources if required.
Documents details of all hardware/software items that have
been installed and removed so that configuration management
records can be updated. Develops installation procedures and
standards, and schedules installation work. Provide specialist
guidance and advice to less experienced colleagues to ensure
best use is made of available assets, and to maintain or improve
the installation service.
Service Management
Level 5 SCAD
SECURITY ADMINISTRATION (SCAD) – Monitors the
application and compliance of security administration
procedures and reviews information systems for actual or
potential breaches in security. Ensures that all identified
breaches in security are promptly and thoroughly investigated
and that any system changes required to maintain security are
implemented. Ensures that security records are accurate and
complete and that request for support are dealt with according to
set standards and procedures. Contributes to the creation and
maintenance of policy, standards, procedures, and
documentation for security.
Level 4 SCTY
INFORMATION SECURITY (SCTY) – Explains the purpose of
and provides advice and guidance on the application and
operation of elementary physical, procedural, and technical
security controls. Performs security risk, vulnerability
assessments, and business impact analysis for medium
complexity information systems. Investigates suspected attacks
and manages security incidents. Uses forensics where
appropriate.
Service Administration
Strategy & Architecture
Information Strategy
Role Description Information Security Analyst
6
Related documents
Introduction and objective
Introduction and objective
SCHOOL BOARD OF SAINT LUCIE COUNTY JOB DESCRIPTION
SCHOOL BOARD OF SAINT LUCIE COUNTY JOB DESCRIPTION
4. Tugas – essay : Review Materi Final Semester
4. Tugas – essay : Review Materi Final Semester
HIMs In Action: An Analyst Perspective
HIMs In Action: An Analyst Perspective
UW NIH Salary Cap Task Force Membership
UW NIH Salary Cap Task Force Membership
Download
advertisement