Manager - Security Assessor Essential Eight
Job description
At EY, we’re all in to shape your future with confidence.
We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.
Join EY and help to build a better working world.
The opportunity
The Security Assessor is responsible for leading and delivering Essential Eight maturity assessments across Federal Government and regulated Defence industry clients. The role focuses on assurance activities including documentation-based reviews, onsite validation of security configurations and technical control effectiveness testing. The position requires strong audit discipline, sound technical foundations in networking and infrastructure security, and the ability to translate control gaps into practical and defensible remediation advice aligned to government frameworks.
This role operates as a trusted advisor to senior stakeholders, including CISOs, security executives and system owners, providing clear assessment outcomes and maturity uplift guidance.
This is a hybrid position based in Canberra – Ngambri.
Your key responsibilities
- Lead end-to-end delivery of Essential Eight maturity assessments in line with ASD guidance across Unclassified, Official, Protected and higher environments.
- Conduct document-based control reviews including policies, standards, procedures, architectural designs and operating models.
- Plan and execute onsite assessments including evidence collection, interviews, observation and validation of implemented controls.
- Assess technical control effectiveness across the eight mitigation strategies: application control (formerly application whitelisting), patching of applications and operating systems, Microsoft Office macro settings, user application hardening, restriction of administrative privileges, MFA and regular backups.
- Critically evaluate the design and operating effectiveness of controls against Essential Eight maturity requirements.
- Document assessment outcomes with clear maturity ratings, risk articulation and defensible audit trails.
- Develop clear findings, evidence summaries and prioritised remediation recommendations for technical and executive audiences.
- Provide quality assurance over junior assessor outputs and contribute to consistent assessment methodologies.
- Support client uplift programs through reassessment, targeted advisory and validation reviews.
- Engage confidently with system owners, infrastructure teams and security leadership to validate control implementation.
- Engage confidently with industry executive leaders, communicating clearly on assessment scope, approach and findings.
- Maintain strong alignment to ASD guidance, ISM, PSPF and DISP requirements as applicable.
Skills and attributes for success
Experience and Qualifications:
- 7-10 years’ experience in cyber security, technology risk or security assurance roles.
- Demonstrated experience delivering Essential Eight assessments end to end.
- Experience working with Australian Federal Government or regulated industry clients.
- Prior audit, assurance or risk assessment background highly regarded.
- Relevant certifications desirable including CISSP, CISA, CISM, ISO 27001 Auditor, CRISC or similar.
- Formal tertiary qualification in information security, IT or related discipline preferred.
Technical Knowledge and Skills:
- Strong working knowledge of the ACSC Essential Eight maturity model and assessment guide.
- Practical understanding of Windows operating systems and security configuration baselines.
- High-level understanding of modern ICT environments, including on-premises, cloud and SaaS application architectures.
- Solid networking fundamentals including firewalls, segmentation, remote access, authentication flows and logging.
- Understanding of identity and access management including privileged access models and MFA implementations.
- Knowledge of backup architectures, recovery testing and resilience considerations.
- Familiarity with vulnerability and patch management processes and tooling.
- Ability to interpret technical artefacts such as system builds, group policies, firewall rules, and access configurations.
- Understanding of common security control frameworks such as ISM, NIST and ISO 27001.
Assessment and Consulting Skills:
- Demonstrated experience undertaking formal control assessments in regulated or government environments.
- Strong understanding of assurance principles including independence, evidence sufficiency and defensibility.
- Experience conducting both paper-based and onsite, evidence-driven assessments.
- Ability to identify gaps between documented intent and actual operational practice.
- Comfortable challenging control owners where evidence does not support claimed maturity.
- Proven ability to communicate complex technical issues clearly and concisely.
- Comfortable engaging with senior executives, CISOs and technical teams.
- Strong written skills with experience producing assessment reports suitable for executive and regulator consumption.
Ideally, you’ll also have the skills and attributes below but don’t worry if you don’t tick all the boxes. We’re interested in your aptitude, attitude and willingness to learn.
- High level of professional judgement and integrity.
- Strong attention to detail and evidence discipline.
- Structured and methodical approach to assessment delivery.
- Confidence operating in sensitive and secure environments.
- Commitment to continuous learning and alignment to evolving government guidance.
What we offer you
At EY, we’ll fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. We’re proud to be recognised as the #1 WORK180 Endorsed Employer in the Top 101 Employers for Women 2026.
- Career development: At EY, your career is yours to shape! We’ll develop you with future-focused skills and equip you with world-class experiences ey.com/au/careerdevelopment
- Flexible work arrangements: Our flexible work policies empower you to balance your professional and personal life, fostering a culture of trust and autonomy.
- A comprehensive benefits package: From a yearly wellness incentive, to access to additional 8 weeks of flex leave per year, and family-friendly policies, including 26 weeks of gender-neutral paid parental leave, we cater to your diverse needs to help you thrive both personally and professionally www.ey.com/au/benefits
- Salary: We offer a competitive salary which is open to negotiation depending on skills and experience.
Acknowledgement of Country
EY acknowledges the Traditional Owners and Custodians of the lands on which EY offices are located around Australia. We pay our respects to their cultures, and to their Elders — past, present, and emerging. Find out more about our vision for reconciliation at ey.com/en_au/careers/indigenous
Inclusiveness is core to who we are and how we work together, driving value for our people and for our business. We encourage applications from people of all ages, nationalities, abilities, cultures, sexual orientations, and gender identities and are committed to providing an equitable and barrier free recruitment experience for all. We encourage you to share any support and adjustments you need to be your best and participate equitably in our recruitment process. We understand sharing your needs with us can be daunting, so if you have questions before or during your application, we welcome you to get in touch at contactrecruitment@au.ey.com or +61 3 8650 7788 (option 2). Anything you tell us will be kept completely confidential.
Are you ready to shape your future with confidence? Apply today.
EY | Building a better working world
Our preferred applicant will be required to undertake employment screening by EY or our external third-party provider.
© 2025 Ernst & Young Australia. A member firm of Ernst & Young Global Limited. All Rights Reserved. Liability limited by a scheme approved under Professional Standards Legislation.