The Department of Primary Industries and Regional Development (DPIRD) is seeking cyber security analyst services to support the development and implementation of an IT security framework.
The DPIRD is implementing an automated Business Systems Assurance Framework (BSAF) to provide a structured approach to governance, risk management, and compliance across cyber, AI, data, and accessibility domains.
It will establish formal policies, procedures, and controls to protect digital assets, AI-enabled systems, and IT infrastructure from cyber threats while ensuring ethical and responsible use of AI technologies.
Given the scale of the BSAF project, ongoing support will be required to enhance and refine governance processes, maintain compliance, and embed a culture of security and responsible AI use across the organisation.
The scope of the services DPIRD is seeking includes providing strategic guidance on risk, policy, and assurance to enable safe innovation while aligning with NSW Cyber Security Policy v6, international standards (e.g., ISO 27001, NIST CSF), and organisational requirements.
The services also include leading the organisation-wide implementation of the BSAF, ensuring alignment with the NSW Cyber Security Policy v6 mandatory requirements and integrating assurance mechanisms across all business groups, alongside developing an AI Assessment Framework rollout plan, ensuring that all systems with AI-enabled functionality are assessed across the entire system lifecycle.
The scope of services further covers managing incident response planning and coordinating ICT and AI security activities, including establishing and managing virtual response teams, conducting regular security audits, intrusion prevention, vulnerability management, detection systems, and border and gateway security.
Knowledge of AI governance frameworks and AI ethics principles is "highly desirable", while proven experience in developing and implementing cyber security governance frameworks, including policy, risk, and assurance functions, is a requirement.
Experience in AI governance and risk management, including implementation of AI Assessment Frameworks or AI assurance processes; a demonstrated ability to design, implement, and manage BSAF or equivalent enterprise-wide IT assurance programs; and strong experience in information security management, including vulnerability management, incident response planning, and security auditing are all required.
The engagement is expected to run for eight months from 1 November 2025, with milestone reviews and reporting integrated into the project plan.