Tasmania will no longer appoint a government CISO

The Tasmanian government has decided not to appoint a chief information security officer after a year-long recruitment process for the inaugural role.

The government first advertised for a cyber chief to sit within the Department of Premier and Cabinet in December 2016, shortly before it began searching for its first government CIO to overhaul the state’s ICT strategy.

It was the first of what turned out to be a wave of states hiring dedicated cyber leaders, with New South Wales and South Australia both appealing for CISOs in the weeks and months after.

But while NSW and SA had both appointed government CISOs by last May, Tasmania was forced to reissue the job advertisement and was still in the process of hiring a government CISO at the time of Glenn Lewis’ appointment as government chief information officer six months later.

Now the state government appears to have changed tack, opting to introduce a less senior position.

A spokesperson for the department told iTnews it would now look to recruit a whole of government cyber security manager before making a decision on the CISO.

“The outcome of this recruitment will help inform the next steps regarding the chief information security officer position; it is possible that this position will be reshaped to a more generic leadership role that has oversight for cyber security," the spokesperson said.

However, much like the CISO advertisement, the cyber security manager position is also being advertised for the second time after first being issued last August.

The cyber security manager will be responsible for developing policies, procedures, and a multi-year cyber security plan aimed at improving the government’s cyber security maturity.

The successful candidate will have a similar “high degree of autonomy” as the proposed CISO position. They will also provide strategic advice to the CIO.

The spokesperson said government CIO Glenn Lewis was also currently working on a range of cyber security initiatives.

“Other key initiatives in the cyber security domain include engaging expert security consultants to assist in strategic cyber security planning and with reviewing and updating cyber security policies and incident response plans.”