Cyber Threat and Vulnerability Analyst
Queensland Fire Department
Status:
Temporary Flexible Full-time
Tenure Period:
12 months
Possibility of Extension:
Yes
Classification:
AO6
Salary:
$4,437.00 - $4,738.00 per fortnight
Division:
Strategy & Corporate Services
Region/Directorate:
Information & Technology
Work Unit:
Information & Technology
Location:
Albion, 4010
Closing Date:
24th November 2024
Reference No:
QLD_QFD_20325_24
Current Queensland Fire Department employees and volunteers must apply via their internal careers site
About us
The Queensland Fire Department (QFD) provides fire prevention, preparedness and response services to fire in the built and landscape environments, as well as scientific and specialist capabilities to Queensland communities. The QFD provides a multi-hazard emergency response, including road crash rescue, bushfire, hazardous material, technical and vertical rescue, severe weather incidents, remote and swiftwater rescue, and provides a number of functions supporting community safety outcomes.
The department encompasses Queensland Fire and Rescue (QFR), Rural Fire Service Queensland (RFSQ), as well as the broader department which work together to pre-empt, prevent, mitigate and manage the consequences of fires and other emergencies on Queensland communities and support our large volunteer membership across the state.
The QFD is an organisation that is focused on reframing the department’s relationship with Aboriginal and Torres Strait Islander peoples, communities, and organisations through the Path to Treaty, Closing the Gap and building our cultural capability.
Purpose of role
Cyber and Information Security is responsible for managing the department’s cybersecurity roadmap in conjunction with the strategy and architecture team. The Cyber Planning and Policy Design team is responsible for information security, availability, confidentiality, privacy and integrity of the department’s data while effectively managing cyber risks. The team is responsible for developing and reviewing policies, programs and guidelines, and promoting awareness of cyber policy and strategies across QFD.
Reporting to the Executive Manager, you will use your technical expertise and understanding of how individual cyber threats and vulnerabilities work, including making risk-based assessments of the department’s Information Technology (IT) environments to ensure all assets and systems are scanned for vulnerabilities that could impact the confidentiality, integrity and availability of QFD assets and data. You will provide expertise and guidance to a variety of stakeholders to support the functions of monitoring, investigation, containment, eradication, recovery, documentation and reporting on security vulnerabilities. You will ensure information security mitigations and solutions to IT applications, service and infrastructure are technically sound, consistent and compliant with relevant policies and standards across the organisation.
Key requirements
Highly desirable requirements
- Minimum of 5 years’ experience in risk management, information security, ICT security and modern cloud native environments.
- An Information Security Certification or qualification, e.g. the Cyber Information Systems Security Professional (CISSP) or similar, would be highly desirable.
- Experience supporting cyber security in a mid-size to large IT environment across a wide range of technologies and applications.
- Knowledge of concepts, standards and frameworks in vulnerability management, such as Common Vulnerability Scoring Systems.
- Experience in consuming and utilising cyber threat intelligence to improve cyber security integrity.
Your key accountabilities
Your part in the ongoing success of our department, in supporting frontline services, will see you responsible for a variety of work, including, but not limited to:
- Perform IT security risk-based technical assessments, and manage monitoring, investigation, containment, eradication, recovery, documentation and reporting on information assets, and proactively advocate for the implementation of appropriate measures to prevent or respond to potential information security issues.
- Conduct regular security investigations, risk and vulnerability assessments and develop reports on findings to provide strategic and tactical advice including recommendations on remediation and mitigation of future risks.
- Develop, review and implement vulnerability management policies, standards and procedures to ensure compliance with relevant data protection and privacy laws, and regulations that safeguard our organisation’s networks and systems.
- Consult, negotiate and communicate with users, system stakeholders, vendors and ICT professionals to raise awareness, and to promote and implement a shared and consistent understanding of information security and cyber security vulnerabilities.
- Provide expert analysis and advice in relation to the department’s information security threats and vulnerabilities and determine current maturity levels, and compliance with relevant legislation, regulations, standards, and frameworks applicable to information security requirements.
- Analyse multiple sources of vulnerability reports and determine what types of remediations are required to mitigate risk, streamline existing processes and implement information security efficiencies that improve our IT environment.
- Build and maintain effective working relationships with internal and external stakeholders, and suppliers to promote sound information security practices, and assist in developing strategies and activities to support effective security vulnerability management.
- Maintain, update and continually expand knowledge of developments and trends within the network and information security industry, and evaluate the benefit and applicability to departmental systems that enhance cyber security.
Capabilities
To determine your suitability for the role, you will be assessed on the following Leadership Competencies for Queensland behavioural profiles that link to the “key accountabilities” for this role:
Leadership Competency Stream – Individual Contributor (leading self)
Vision
- Stimulates ideas and innovation
- Makes insightful decisions
Results
- Builds enduring relationships
- Drives accountability and outcomes
Accountability
- Fosters healthy and inclusive workplaces
- Demonstrates sound governance
Once you join us we will want you to exemplify the QFES shared values:
- Respect
- Integrity
- Courage
- Loyalty
- Trust
To find out more about the behaviours and competencies required for this role, visit Leadership competencies for Queensland | For government | Queensland Government
Want more information?
Please contact Richard Nutt, Executive Manager on phone 0419 521680 or email Richard.Nutt@qfes.qld.gov.au.
You can also visit our website to find out more information about joining our team
How to apply
Please refer to the QFD Public Service Application Guide [All PS Classifications/Streams and Senior Officer] for information on how to apply for this role and contact us to discuss any reasonable adjustments if required.