Manager - Security Assessor Essential Eight (Canberra)
Canberra, Australia
Posted: less than a week ago
Description
Other locations: Primary Location Only
The opportunity
The Security Assessor is responsible for leading and delivering Essential Eight maturity assessments across Federal Government and regulated Defence industry clients. The role focuses on assurance activities including documentation-based reviews, onsite validation of security configurations and technical control effectiveness testing. The position requires strong audit discipline, sound technical foundations in networking and infrastructure security, and the ability to translate control gaps into practical and defensible remediation advice aligned to government frameworks. This role operates as a trusted advisor to senior stakeholders, including CISOs, security executives and system owners, providing explicit assessment outcomes and maturity uplift guidance. This is a hybrid position based in Canberra – Ngambri.
Your key responsibilities
- Lead end-to-end delivery of Essential Eight maturity assessments in line with ASD guidance across Unclassified, Official, Protected and higher environments.
- Conduct document-based control reviews including policies, standards, procedures, architectural designs and operating models.
- Plan and execute onsite assessments including evidence collection, interviews, observation and validation of implemented controls.
- Assess technical control effectiveness across application whitelisting, patching, macro security, privilege management, MFA, backups and configuration hardening.
- Critically evaluate the design and operating effectiveness of controls against Essential Eight maturity requirements.
- Document assessment outcomes with clear maturity ratings, risk articulation and defensible audit trails.
- Develop clear findings, evidence summaries and prioritised remediation recommendations for technical and executive audiences.
- Provide quality assurance over junior assessor outputs and contribute to consistent assessment methodologies.
- Support client uplift programmes through reassessment, targeted advisory and validation reviews.
- Engage confidently with system owners, infrastructure teams and security leadership to validate control implementation.
- Maintain strong alignment to ASD guidance, ISM, PSPF and DISP requirements as applicable.
Skills and attributes for success
Experience and Qualifications:
- 7‑10 years’ experience in cyber security, technology risk or security assurance roles.
- Demonstrated experience delivering Essential Eight assessments end to end.
- Experience working with Australian Federal Government or regulated industry clients.
- Prior audit, assurance or risk assessment background highly regarded.
- Formal tertiary qualification in information security, IT or related discipline preferred.
Technical Knowledge and Skills:
- Strong working knowledge of the ACSC Essential Eight maturity model and assessment guide.
- Practical understanding of Windows operating systems and security configuration baselines.
- High-level understanding of modern ICT environments, including on‑premise, cloud and SaaS application architectures.
- Solid networking fundamentals including firewalls, segmentation, remote access, authentication flows and logging.
- Understanding of identity and access management including privileged access models and MFA implementations.
- Knowledge of backup architectures, recovery testing and resilience considerations.
- Familiarity with vulnerability and patch management processes and tooling.
- Ability to interpret technical artefacts such as system builds, group policies, firewall rules, and access configurations.
- Understanding of common security control frameworks such as ISM, NIST and ISO 27001.
Assessment and Consulting Skills:
- Demonstrated experience undertaking formal control assessments in regulated or government environments.
- Strong understanding of assurance principles including independence, evidence sufficiency and defensibility.
- Experience conducting both paper‑based and onsite evidence‑driven assessments.
- Ability to identify gaps between documented intent and actual operational practice.
- Comfortable challenging control owners where evidence does not support claimed maturity.
- Proven ability to communicate complex technical issues clearly and concisely.
- Comfortable engaging with senior executives, CISOs and technical teams.
- Strong written skills with experience producing assessment reports suitable for executive and regulator consumption.
Ideally, you’ll also have the following skills and attributes but we are interested in your aptitude, attitude and willingness to learn:
- High level of professional judgement and integrity.
- Strong attention to detail and evidence discipline.
- Structured and methodical approach to assessment delivery.
- Confidence operating in sensitive and secure environments.
- Commitment to continuous learning and alignment to evolving government guidance.
What we offer you
- Career development: At EY, your career is yours to shape! We’ll develop you with future‑focused skills and equip you with world‑class experiences.
- Flexible work arrangements: Our flexible work policies empower you to balance your professional and personal life.
- A comprehensive benefits package: From wellness incentives to additional flex leave and family‑friendly policies, including gender‑neutral paid parental leave.
- Salary: Competitive salary open to negotiation based on skills and experience.
Acknowledgement of Country
EY acknowledges the Traditional Owners and Custodians of the lands on which EY offices are located around Australia. We pay our respects to their cultures and to their Elders — past, present, and emerging. Find out more about our vision for reconciliation at ey.com/en_au/careers/indigenous.
Inclusiveness is core to who we are and how we work together, driving value for our people and for our business. We encourage applications from people of all ages, nationalities, abilities, cultures, sexual orientations, and gender identities and are committed to providing an equitable and barrier‑free recruitment experience for all. We encourage you to share any support and adjustments you need to be your best and participate equitably in our recruitment process. Anything you tell us will be kept completely confidential.
Our preferred applicant will be required to undertake employment screening by EY or our external third‑party provider.
Apply on Kit Job: kitjobau.com/job/3qyxr1
Highlights
Company name: Ernst & Young Advisory Services Sdn Bhd
Job position: Manager - Security Assessor Essential Eight (Canberra)
More info about this ad
Manager - Security Assessor Essential Eight (Canberra) has been posted in the Canberra Government & Public Service category on Locanto.