Role overview

The Senior Advisor, Digital Assurance and Compliance is a significant contributor and an expert in IT security-related disciplines who will provide strategically aligned, technical and practical ICT security advice and direction. This role will identify and implement information security controls to assure the likely achievement of the digital/information security strategic direction across Education Payroll, influencing ICT and business colleagues.

This role will provide expert advice and information security and risk management leadership to project and programme teams, IT security, privacy and the business to ensure the required information processes are followed for certification and accreditation to occur.

Key responsibilities and accountabilities

Digital assurance

  • Ensure quality is incorporated into all ICT security and risk management activities and deliverables.
  • Contribute to an increase in the maturity of Digital/ICT tools, processes and security capability across ICT through a mindset of continuous improvement.
  • Accountable for the completeness and accuracy of reports on key digital/information security indicators.
  • Accountable for the compliance with digital/information security policies, standards and procedures.
  • Responsible for the effectiveness of security awareness and developing training programmes.
  • Report on digital/information security assurance work and findings to the General Manager, Digital & Technology.
  • Produce reporting appropriate to different audiences within EPL that will convey the state of information security both within the project and programme and across the operational landscape.
  • Lead the delivery of assurance over the effectiveness of digital/information security compliance programs and initiatives.
  • Maintain and improve the ongoing Digital/ICT Security Risk Assessment (SRA) portfolio, facilitating consistent delivery by articulating risks, assessing different internal controls and providing recommendations about implementation of reasonable cost-effective mitigation actions.
  • Actively contribute to a state of Continuous Self Assessment (CSA) of key ICT controls by monitoring, optimising and applying specific, pre-determined and regular SRA reviews.
  • Provide assurance that the Disaster Recovery Plan adheres to policy, is kept up to date and is subject to an appropriate testing regime.
  • Lead the provision of advice to business leaders on digital/information security assurance for both new and existing digital solutions.

Certification and accreditation (C&A)

  • Plan, schedule, and deliver the agreed digital and technology security reviews in a timely manner as per the Certification & Accreditation (C&A) backlog and pipeline.
  • Provide guidance and feedback to projects and programmes on the meeting of the C&A requirements.
  • Lead the certification and accreditation of new systems/services and the recertification of existing systems and services.
  • Review and provide advice to the Hautū, Digital and Technology on the assessment of information security risk, the application of relevant and pragmatic controls and the determination of residual risk.
  • Ensure projects comply with strong C&A practices and Information Security requirements by considering key governance, risk and compliance matters.
  • Develop controls assessment reports that assess whether the controls and control ownership that mitigate security risks are still operating.

Compliance

  • Assist the Hautū Digital & Technology with the provision of digital/information security information to external agencies and the external audit function.
  • Lead the broader risk management processes and governance for the digital and technology team.

Subject matter expert advice

  • Provide specialist ICT security advice and support, collaborating with Product Manager, Product Owners and Business Owners by understanding and applying expert ICT digital security research and analysis and specialist knowledge accumulated from experience.
  • Complete risk-based digital security reviews and deliver informed and situational risk-based recommendations.

Leadership

  • Identify and lead business and operations improvement opportunities.
  • Recommend and action preventative controls to minimise incidents and associated costs.
  • Interpret and select elements of EPL's risk framework and deliver to the identified risk profile.

Leadership expectations

Lead self

  • Demonstrate the Education Payroll values – Treat everyone with respect; work as a team; make things easier; improve through understanding; learn through doing.
  • Maintain positive relationships.
  • Hold yourself accountable.
  • Be agile and adaptive.
  • Show courage.

Lead Education Payroll

Strategic planning

  • Actively contribute to creating and maintaining a strategy that aligns actions, plans and resources with business objectives.

Business planning

  • Plan and take actions that ensure a sustainable workforce now and into the future, including developing succession plans.
  • Define and prioritise initiatives across the medium and short term that align with the EPL strategy and objectives.

Risk management

  • Identify, assess, mitigate and record risks arising from internal process, people, systems or external events that could potentially disrupt business operations and/or breach legislative requirements.
  • Escalate risks that cannot be sufficiently mitigated within your span of control.
  • Take collective responsibility for enterprise risk management and understand the cumulative impact of risks across the organisation.

Contract and supplier relationship management

  • Actively manage contracts for supplies and products in a way that ensures delivery in accordance with the agreed performance standards and provides value for money for EPL.

Customer orientation, continuous improvement and quality assurance

  • Consider the customer perspective, needs and satisfaction in all aspects of business strategy and operations.
  • Approach operations with a continuous improvement mindset, working to enhance products, processes and services incrementally over time.
  • Assure performance and quality objectives are being met through regular assessments and reviews. Take appropriate action where performance is below standard.

Required experience, skills and knowledge

  • 5+ years’ experience in a related role.
  • Understanding of IT practices and frameworks including Systems Development Life Cycle, Change Management, Risk Management and Project Management.
  • Able to multi-task and manage different streams of work.
  • Strong troubleshooting and administration skills.
  • Flexible approach to work and problem solving.
  • Problem-solving, analytical skills and strong attention to detail.
  • Excellent communication skills with the ability to explain complex technical issues to a non-technical audience.

If you have questions about this role, email myhr@edpay.nz and we will be able to get you talking to the right people.