The ACT government has elevated its whole-of-government CISO role to executive level, and as a result is advertising the position.

The CISO leads the territory’s Cyber Security Centre, and is part of the Digital, Data and Technology Solutions (DDTS) Group, under the Treasury and Economic Development Directorate.

The position advertisement said the role leads the ACT government’s whole-of-government strategic direction for ICT, and provides support for the whole government, including government schools and the Canberra Institute of Technology.

The ACT moved to improve its cyber security in October 2021 with an investment of more than $10 million to establish the Cyber Security Centre, more than a year after the state’s audit office strongly criticised its cyber security.

The CISO will be responsible for developing the whole-of-government cyber security policy, first articulated in a policy document [pdf] dated June 2023.

The policy mandates that the CISO develop security “awareness, culture and practices” in the territory’s public service; ensure the protection of official information; ensure the continuous availability of information assets; define standards defending the ACT against the “unauthorised access, use, modification, disclosure, damage, or destruction of information assets”, and minimise the risk of “disruption or failure” of the ACT’s ICT systems.

The role would be contracted for a period of five years, the advertisement stated.

Earlier this year, the ACT became the first government in Australia to publicly acknowledge its exposure to the Barracuda email gateway vulnerability.

An ACT government spokesperson told iTnews the position is being advertised because the role has been elevated to the executive level.

“The ACT Public Service advertises all new and elevated positions and undergoes a merit selection process as standard practice.”