Australia’s cyber spy agency has created a chief information security officer role to enable the expansion of offensive and defence cyber security capabilities under its $9.9 billion REDSPICE project.
The Australian Signals Directorate began recruiting the Canberra-based cyber security leader over the weekend, alongside a number of other senior executive service band one level roles, including a general counsel.
A spokesperson told iTnews the “new standalone” CISO – which will double as the national communications security officer (COMSO), responsible for external engagement for the COMSO network – will “support ASD’s delivery of REDSPICE”.
REDSPICE, or the resilience, effects, defence, space, intelligence, cyber and enablers project, was funded to the tune of $9.9 billion in this year’s federal budget, with $4.2 billion set aside for the next four years.
The funding will see ASD staff levels double over the coming decade, from around 2300 staff at the end of the 2020-21 financial year to approximately 4200 in 2028-29. Most of the staff are expected to come onboard over the next two financial years.
At least some of the funding has been siphoned from the Department of Defence’s now-scrapped SkyGuardian armed drone program, which was cancelled as part of the former government’s launch of REDSPICE.
According to the job ad, the incoming CISO will be “responsible for leading a branch of skilled professionals in the delivery of IT and information security functions”, including coordinating insider threat monitoring and reporting and IT security incident response.
Until now, the “CISO function has sat within ASD’s security and integrity branch”, the spokesperson said.
“As a senior executive branch leader within the chief operating officer group you will be expected to provide strategic guidance and advice, including on further developing the roles of the branch in order to deliver on ASD's corporate outcomes — and in particular for enabling the delivery of the initiatives articulated under the current REDSPICE program,” the job ad states.
The “highly skilled” CISO will also be expected to “contribute to business continuity and disaster recovery planning, work with suppliers and service providers, receive and manage a dedicated cyber security budget and contribute to cyber security awareness raising.
“You will lead the provision of strategic guidance to the development of ICT projects that enhance ASD's ability to ensure security and integrity, including services that support security and integrity operations,” the job ad states.
In addition to a new CISO, ASD has also put out the call for a general counsel to lead a small legal team providing advice on legislation, including the operation of the Telecommunications (Interception and Access) Act 1979 and the Intelligence Services Act 2001.
“ASD recognises that its signals intelligence capabilities are uniquely intrusive, and its offensive cyber operations even more so,” the job ad states.
“That is why maintaining the Australian Government’s and the Australian public’s trust, by demonstrating that ASD operates legally and with propriety, is of the utmost importance to ASD.”
ASD is also on the lookout for at least five new SES band one level assistant directors-general to join its ranks as branch heads for cyber and ICT, and data, technology and capability.
Roles on offer include for technical threats and visibility, cyber uplift, technical advice and research, data analytics and management and data technology.