<< Back to Search Results

Senior Information Security Specialist

NZ Ministry of Justice
Job Category:
IT & computing
Wellington City
Job Type:
Posted Date:
Closing Date:
File Attachment:
Job Description.pdf (PDF, 455KB)
Job Specification

Employer Website:

Job Description

Senior Information Security Specialist, ICT Security, Risk and Assurance, National Office


  • We are looking for someone to lead and provide sound counsel
  • The team has responsibility for managing a range of risk and assurance activities
  • Information Security experience in large and complex organisations

ICT Security, Risk and Assurance manage and maintain ICT Security strategy, policy, guidelines and processes to ensure that ICT security risk across the Ministry is understood and managed appropriately. The team scans the market to understand industry standards and recommendations for ICT security and is the Ministry's co-ordination point with the GCIO for the Government ICT technology roadmap. Compliance requirements for ICT change delivery processes are directed by this team and monitored through relevant assurance activities.

The team has responsibility for managing a range of risk and assurance activities including: ensuring ICT's risk profile is clearly documented and understood; ensuring ICT services support group level Business Continuity Plans; and providing quality assurance activity and reporting across the ICT Business Group, referencing appropriate Government and industry frameworks. The team also provides oversight and monitoring of ICT risk on behalf of the ICT Senior Leadership team and the Ministry as a whole feeding into over-arching organisational risk profiles.

We are looking for someone to lead and provide sound counsel on the development and implementation of enterprise-wide information security strategies, policies, processes and security controls. As part of this, you will oversee control and governance activities, identify and assess security risks and vulnerabilities and provide advice and expertise in support of significant ICT projects and initiatives.


  • Provide technical leadership and oversight on a range of specific technology controls, information security policies, standards and processes.
  • Lead security risk assessments, vulnerability assessments and assessments of security control and/or procedural appropriateness.
  • Contribute to the design, development, and oversight of security management strategy and frameworks.
  • Ensure systems and processes are in place to monitor, detect and respond to current and emerging security threats.
  • Provide leadership and guidance on the development of on-going security risk reporting, monitoring key trends and defining metrics to measure control effectiveness for own area.
  • Act as primary practice / technical expert and proactively work with technology partners and stakeholders and service/platform owners to ensure all technology security components are integrated into the Ministry's overall Enterprise Architecture and control gaps are addressed.
  • Proactively review internal security processes and activities to identify opportunities for improvement.
  • Advise on, oversee, monitor and apply relevant security frameworks and methodologies to Ministry ICT activities.
  • Influence behaviour to reduce risk and foster a strong risk management culture throughout the Ministry.


  • Tertiary degree in a relevant field or equivalent experience; and a commitment to ongoing professional development.
  • Relevant industry experience, technical qualifications and / or certifications (such as CISSP)


Information Security experience in large and complex organisations, including:

  • Contributing to the development of pragmatic security frameworks.
  • Providing oversight and assurance to security work performed by external parties to ensure consistency of practice.
  • Consulting with product, service and project teams on implementing security by design.
  • Communicating with a wide range of audiences on a range of complex issues.
  • Able to build and maintain a range of effective business relationships within an organisation and a wide network of professional relationships across organisations.
  • Sound understanding of New Zealand Government information security directives and frameworks.

To apply, complete the application form, attaching your CV, cover letter.  Applications close on Wednesday 25 April 2018.


Apply To:

<< Back to Search Results