POSITION DESCRIPTION

Transcription

1 Network Security Consultant POSITION DESCRIPTION Unit/Branch, Directorate: Location: Regulatory Unit Information Assurance and Cyber Security Directorate Auckland Salary range: I $90,366 - $135,548 Purpose of position: This job exists to manage and develop relationships with telecommunications providers and with public and private organisations associated with the launch and operation of high altitude vehicles and their payloads. This job is also to support and contribute to technical assessments of network procurement, design and implementation proposals and national security risk assessments of high altitude launch vehicles and payloads. This role will also assist with the development of regulatory notices, policy, guidance and internal processes. Our mission at the GCSB is to protect and enhance New Zealand s security and wellbeing. Our values are Respect, Commitment, Integrity and Courage Information Assurance and Cyber Security Directorate purpose: The IAC Directorate contributes to the national security of New Zealand by providing technical advice and assistance to Government and organisations with significant national information infrastructures to enable them to protect their information from advanced technology-borne threats. To achieve this, the Directorate provides technical security inspections; high-grade encryption services; information assurance policy and advice; regulation of telecommunications & space activities; and high-end cyber security services to detect and respond to such threats.

2 Key accountabilities Provision of expert advice and knowledge Working with the telecommunications industry to manage expectations and supply formal correspondence Maintain knowledge of potential national security threat vectors through engagement with GCSB Intelligence Directorate and partner intelligence agencies, including equity concerns Manage the organisation of, and the distribution of information to, industry forums to support and enhance security awareness Maintain detailed knowledge of the telecommunications industry, including market pressures, technological developments, security initiatives and upcoming proposals Maintain knowledge of potential national security threat vectors associated with the launch or operation of high altitude vehicles or their payloads Engage with agencies and operators of outer space and high altitude vehicles to understand the nature of threats to national security Research information from both classified and unclassified sources to enhance network security awareness Identifies and supports partner activities in areas likely to be of technological significance to the GCSB Represents the GCSB at conferences, forums and working groups as required. Information assurance and compliance Deliverables/Outcomes National security concerns are identified, evaluated and communicated accurately and within agreed timeframes Decisions, communications and policy positions are escalated in accordance with procedures and within agreed timeframes GCSB and MBIE executive are appraised of potential national security concerns early in the procurement cycle Outer space and high altitude launches are not delayed due to delays caused by regulatory unit Partner agency intelligence equities are protected and compartmentalised General enquiries not related to specific proposals are responded to accurately, concisely and within agreed timeframes All network changes are notified in a timely manner, sufficiently early in the investment cycle to influence the decision making process Industry awareness of network security concerns are enhanced and implementation guidance is understood Rapid decisions made by network operators are anticipated and processed within agreed timeframes Information which adds value and enhances network security understanding is shared with industry Is recognised as a subject matter expert and confidently and competently speaks to any audience on modern telecommunications network security issues Demonstrates strategic foresight with respect to telecommunication technology Provide Information Assurance advice to support technical assessors Assist with identifying methods of detailing national security concerns and mitigation strategies Assists with the preparation and Network security concerns are heeded by network operators and decisions are adjusted where it is necessary to do so Practical Information Assurance advice is provided alongside expert technical advice to assist network operator decisions

3 implementation of regulatory notices, policy, guidance and processes Risk assessments GCSB does not unnecessarily impede the innovation or time to market in the telecommunications industry Policy and associated framework is fit for purpose and in accordance with legislation Receive, catalogue and maintain records of network proposals Provide regular reports and briefings to key internal and external stakeholders, including but not limited to national security risk assessments and internal reports Legal review of proposals occurs at the appropriate juncture and compliance processes are followed All network security proposals are accurately recorded and maintained appropriately Collaboratively work with stakeholders to provide robust and evidence based risk assessments Peer review assessments of national security risk assessments to ensure accuracy and assessments are conducted in accordance with legislation, regulations and procedures Assessment briefings are conducted and/or supported within agreed timeframes and meet stakeholder requirements Network Operator proposals are assessed promptly and within agreed timeframes, delays are communicated and expectations are set Relationship management Emphasis on ensuring that working relationships with key colleagues, partners and stakeholders are initiated, enhanced and maintained Effective relationships with external stakeholders are developed and maintained to support GCSB s purpose at an operational level The reputation of GCSB is positively viewed by key stakeholders Contribute to the execution of the IACD Operational Plan The manager is kept informed of relevant issues that have an impact on team and unit outputs Creating joint outputs with other units across GCSB and the NZ Intelligence Community Involving customers in the design and development of services Organisational stovepipes and obstacles to collective outputs are challenged and reduced or overcome Unit services reflect customer needs and requirements

4 Health and safety (for self) Work safely and take responsibility for keeping self and colleagues free from harm Report all incidents and hazards promptly Know what to do in the event of an emergency Cooperate in implementing return to work plans Be a visible role model at all times Follow GCSB s safety rules and procedures Other duties A safe and healthy workplace for all people using our sites as a place of work All requirements in the NZIC Health and Safety policy and procedures are met Contributes to business planning at section, unit and/or Directorate level Any other duties that fall within the scope of the position Fully participates and contributes to business planning, as required Position delegation Financial delegation: None Key stakeholders Internal: Information Assurance and Cyber Security Directorate staff IT Security staff External: Ministry of Business Innovation and Enterprise National Cyber Police Office Counterparts within the wider New Zealand Intelligence Community and central government agencies, including NZ Police Other partner intelligence agencies Telecommunications network operators, service providers and equipment manufacturers Second-party providers and equipment vendors

5 Person Specification Experience: A minimum of 10 years relevant experience in the New Zealand telecommunications sector. Experience in the security of modern telecommunications networks. Experience in relationship management through consultancy, vendor management or corporate sales. Experience managing stakeholder or client relationships, is desirable. Experience in regulatory processes, policy advice and compliance frameworks, is desirable. Knowledge and Skills: Proven capabilities in the design and implementation of telecommunications networks. A thorough understanding of contemporary telecommunications technology A thorough understanding of contemporary network security issues Strong interpersonal and communication skills, and the ability to relate effectively to both technical and non-technical people at all levels of an organisation Proven leadership qualities in a technical environment, and the ability to deal effectively and sensitively with other people Demonstrable ability to develop and present technical and regulatory presentations to external subject matter experts An eye to detail and a commitment to accuracy and quality in all work activities. Highly effective planning and organisational skills Highly developed oral and written communication skills, including the ability to communicate and build relationships at all levels; and to maintain a courteous, diplomatic and personable approach to customers and community partners The ability to participate in management forums as an effective member of the team, and contribute to the development of a high performance organisation

6 The ability to represent the GCSB professionally and with credibility within national and international communities Knowledge of the methods and techniques used by foreign states to utilise, telecommunications infrastructure to affect espionage, is desirable. Qualifications and Courses: Tertiary level qualification (Bachelor level) or equivalent experience, in Information Technology, Computer Science or equivalent, with an emphasis on information security. Tertiary papers in computer science and information security, is desirable. Current CISSP or CISM or other equivalent professional computing/networking qualification, is desirable. Specific Job Requirements: Ability to obtain and maintain a TSS security clearance NZIC Competencies In addition to the Person Specification above, competency standards which outline the development requirements of the position are set out under the NZ Intelligence Community (NZIC) Career Pathways framework. The Career Pathways framework enables progression within the job. Full descriptions of progression competencies and an overview of the NZIC Career Pathways framework is available on appointment.

7 Changes to Position Description Positions in the GCSB may change over time as the organisation develops. Therefore we are committed to maintaining a flexible organisation structure that best enables us to meet changing market and customer needs. Responsibilities for this position may change over time as the job evolves. This Position Description may be reviewed as part of planning for the annual performance cycle. Date PD reviewed: 6/06/2018 Signatures Managers Name Signature Date: Employee s Name Signature Date: