Senior Cyber Security Operations Advisor

Tēnei tūranga – About the role

Reporting to the Manager Cyber Security Advisory this position is a senior position with the purpose of monitoring and facilitating cyber security risk controls delivery across MBIE. They are also responsible for the development, improvement, and monitoring the performance of security processes. They are to provide process and technical leadership to the Cyber Security Operations Advisor.

The Senior Cyber Security Operations Advisor ensures that MBIE ICT effectively manages and provides support on security activities that ICT has not outsourced. They also provide capacity to deal with the inevitable 'extras' that come up irrespective of the multi-source outsourced model in place at MBIE.

They are also responsible for overseeing vulnerability assessments and System Security Plans to support system certifications and to validate supplier performance in delivery of security controls.

Senior Cyber Security Operations Advisor will:

• Provide Security SME advice to cyber security architects on modifications to existing security services; or ad-hoc advice on BAU security activities.

Ngā herenga – Requirements of the role

Personal specifications

• In depth knowledge and 4-5 years’ experience in cyber security.
• Ability to make the connections between various aspects of the organisation and implications for their business unit.
• Ability to assimilate new information or areas of work and come to an understanding of unfamiliar and complex issues.
• Developed analytical and conceptual thinking ability.
• Ability to quickly establish and build strong working relationships.
• Good communication skills.
• Proven ability to develop trust and credibility with managers and staff.
• Understanding of MBIE and where the team fits in delivering outcomes for the ministry.
• Credit check required (no).
• Required to drive (no).
• Police vetting (no).

Qualifications

• A relevant tertiary qualification or equivalent knowledge, skills, and experience.
• Security practitioner certification, or equivalent, e.g. CISSP or similar, would be a distinct advantage.
• Knowledge and understanding of NZISM.
• Good Microsoft Sentinel and Microsoft Defender suite experience.
• Strong knowledge of cyber security practices in a hybrid environment of on-premise, SaaS, and cloud services, preferably in an operation and/or incident management role.
• Strong experience with creating analytical queries, playbooks and automation rules.
• Excellent oral & written technical communication skills.
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
• Experience with both technical and operational support areas covering a broad range of security technologies, such as SIEM, firewalls, networking, system administration and scripting.
• Knowledge of the Protective Security Requirements (PSR), New Zealand Information Security Manual (NZISM), ISO 27001/27002, National Institute of Standards and Technology (NIST), Australian Signals Directorate Information Security Registered Assessors Program (ASD IRAP), OWASP or other similar frameworks.  
• Must have the legal right to live and work in New Zealand.
• Must be able to obtain and maintain a secret security clearance.

Takohanga tuhinga o mua – Key accountabilities and deliverables

Vulnerability assessments and System Security Plans for system certifications - Monitor cyber security risk controls and validate supplier performance in delivery of those security controls.

• Provides specialist advice to MBIE managers, staff, and stakeholders on cyber security controls and processes.
• Assist in the development and maintenance of the cyber security policies, standards and guidelines.
• In conjunction with the Manager Cyber Security, contribute to security awareness education material.
• Using relevant methods and tools monitors whether cyber security controls are consistently assessed and treated in line with MBIE’s security framework.
• Informs security architects on risks within a defined functional technical area (network, application, infrastructure, process etc.).
• Uses consistent processes for identifying and responding to security issues.
• Refers to domain experts for guidance on specialised areas of risk, such as security architecture and environment.
• Supports the Principal Cyber Security Architect in coordinating and monitoring ICT security service providers’ maintenance and improvement of processes for countermeasures and contingency plans.
• Conducts vulnerability assessments for defined business applications or IT installations, and provides advice and guidance on the application and operation of procedural and technical security controls (e.g. the key controls defined in the NZISM, ISO27001 and NIST).
• Monitors the application and compliance of security administration procedures.
• Takes responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution.
• Identifies, evaluates and recommends security control and process options, implementing if required.
• Seeks to fully address client needs, enhancing the capabilities and effectiveness of client personnel, by ensuring that proposed solutions are properly understood and appropriately exploited.
• Oversees the annual security assurance programme.
• Monitors and advises on ICT provider cyber security related performance.
• Provides assistance and advice to the ICT security service providers for security events and incidents, and provides reports on such occurrences and recommends appropriate control improvements.
• Takes responsibility for investigative work to determine requirements and specify effective business processes, through improvements in information systems, data management, practices, procedures, organisation and equipment.

Relationship Management

• Participates as an active team member and contributes knowledge and expertise needed to achieve MBIE’s outcomes.
• Develops effective working relationships with other MBIE managers and staff in order to transfer knowledge and learning from the team to the wider organisation.
• Builds and maintains effective relationships and partnerships with internal and external stakeholders, as necessary, in order to identify and share best practice information and to promote the Ministry, its products and services.
• Represents whole-of-Ministry views and protects its reputation in any external interactions.

Self-Management

• Models positive behaviours.
• Models the desired values and culture of the organisation.
• Willingly shares knowledge, expertise and within the team and with others in the organisation.
• Acts with honesty and integrity.
• Welcomes feedback and is receptive to input from others.

Wellbeing, health and safety

• Displays commitment through actively supporting all safety and wellbeing initiatives.
• Ensures own and others safety at all times.
• Complies with relevant safety and wellbeing policies, procedures, safe systems of work and event reporting.
• Reports all incidents/accidents, including near misses in a timely fashion.
• Is involved in health and safety through participation and consultation.

Tō tūranga i roto i te Manatū – Your place in the Ministry

The Senior Cyber Security Operations Advisor position reports into the Manager Cyber Security Advisory within the Cyber Security branch. The branch sits within the Digital, Data and Insights group.

More information about MBIE’s structure

To mātou aronga – What we do for Aotearoa New Zealand

Hīkina Whakatutuki is the te reo Māori name for the Ministry of Business, Innovation and Employment. Hīkina means to uplift. Whakatutuki means to move forward, to make successful. Our name speaks to our purpose, Grow Aotearoa New Zealand for All.

To Grow Aotearoa New Zealand for All, we put people at the heart of our mahi. Based on the principles of Te Tiriti o Waitangi / The Treaty of Waitangi, we are committed to upholding authentic partnerships with Māori.

As agile public service leaders, we use our breadth and experience to navigate the ever-changing world. We are service providers, policy makers, investors and regulators. We engage with diverse communities, businesses and regions. Our work touches on the daily lives of New Zealanders. We grow opportunities (Puāwai), guard and protect (Kaihāpai) and innovate and navigate towards a better future (Auaha).

Ngā matatau – Our competencies

Cultivates innovation We create new and better ways for the organisation to be successful by challenging the status quo generating new and creative ideas and translating them into workable solutions.

Nimble learning We are curious and actively learn through experimentation when tackling new problems by learning as we go when facing new situations and challenges.

Customer focus We build strong customer relationships and deliver customer-centric solutions by listening and gaining insights into the needs of the communities we serve and actively seeking and responding to feedback.

Decision quality We make quality and timely decisions that shape the future for our communities and keep the organisation moving forward by relying on an appropriate mix of analysis, wisdom, experience, and judgement to make valid and reliable decisions.

Action oriented We step up, taking on new opportunities and tough challenges with purpose, urgency and discipline by taking responsibility, ownership and action on challenges, and being accountable for the results.

Collaborates We connect, working together to build partnerships with our communities, working collaboratively to meet shared objectives by gaining trust and support of others; actively seeking the views, experiences, and opinions of others and by working co-operatively with others across MBIE, the public sector and external stakeholder groups.

Te Tiriti o Waitangi

As an agency of the public service, MBIE has a responsibility to contribute to the Crown meeting its obligations under Te Tiriti o Waitangi (Te Tiriti). Meeting our commitment to Te Tiriti will contribute towards us realising the overall aims of Te Ara Amiorangi – Our Path, Our Direction, and achieve the outcome of Growing New Zealand for All. The principles of Te Tiriti - including partnership, good faith, and active protection – are at the core of our work. MBIE is committed to delivering on our obligations as a Treaty partner with authenticity and integrity and to enable Māori interests. We are committed to ensuring that MBIE is well placed to meet our obligations under the Public Service Act 2020 (Te Ao Tūmatanui) to support the Crown in strengthening the Māori/Crown Relationship under the Treaty and to build MBIE’s capability, capacity and cultural intelligence to deliver this.

Mahi i roto i te Ratonga Tūmatanui – Working in the public service

Ka mahitahi mātou o te ratonga tūmatanui kia hei painga mō ngā tāngata o Aotearoa i āianei, ā, hei ngā rā ki tua hoki. He kawenga tino whaitake tā mātou hei tautoko i te Karauna i runga i āna hononga ki a ngāi Māori i raro i te Tiriti o Waitangi. Ka tautoko mātou i te kāwanatanga manapori. Ka whakakotahingia mātou e te wairua whakarato ki ō mātou hapori, ā, e arahina ana mātou e ngā mātāpono me ngā tikanga matua o te ratonga tūmatanui i roto i ā mātou mahi.

In the public service we work collectively to make a meaningful difference for New Zealanders now and in the future. We have an important role in supporting the Crown in its relationships with Māori under the Treaty of Waitangi. We support democratic government. We are unified by a spirit of service to our communities and guided by the core principles and values of the public service in our work.

What does it mean to work in Aotearoa New Zealand’s Public Service?(external link) — Te Kawa Mataaho The Public Service Commission