Senior Security Analyst

Job posted: 07/09/2021
Applications close: 22/09/2021 (Midnight)
1 day remaining

1 day remaining

Job Description

Location: Melbourne | Eastern Metropolitan

Job type: Not provided

Organisation: Monash Health

Salary: Salary not specified

Occupation: Analyst, IT and Telecommunications

Reference: 49244

Reference: 49244

Occupation: Analyst, IT and Telecommunications

Salary Range: Salary not specified

Work location: Melbourne | Eastern Metropolitan

The Digital Health Division (DHD) is a division at Monash Health under one executive sponsor (Executive Director Digital Health) that combines the following departments:

  • Technology Business Services – provides support for the use and development of Information and Communications Technology across Monash Health.

  • Digital Health Division (DHD) Project Management Office (PMO) – the objective of the DHD PMO is to achieve consistently successful project execution that is efficient and well managed. The DHD PMO serves as a centralised project management service for all projects related to Monash Health’s division of Information Development.

  • Advancing Care Program – department responsible for the management of the organisation wide EMR which will allow clinicians to be able to access a patient’s clinical information in one place easily; and

  • Training and Adoption – Training provided for EMR as well as other digital platforms and support for EMR compliance activities.

  • Cybersecurity Office – department responsible for maintaining the Confidentiality, Integrity, and Availability of data and associated systems.

This structure ensures a cohesive delivery of an Information System goal of moving towards a paperless health care environment while simultaneously supporting the priorities and needs of the health service. Designed well, ICT combined with the Electronic Medical Record (EMR) will streamline clinical workflow and processes delivering improvement in quality and efficiency, with a high level of user experience improving patient care.

About the Role

The Senior Security Analyst reports to the CISO and is responsible for overseeing IT security and designing and implementing fit-for-purpose IT security solutions, policies, procedures, and controls in line with relevant frameworks and standards. In addition, the Senior Security Analyst will support the assessment of security risks and determining necessary security controls. Uplifting the organisation’s security capability is an ongoing priority, and proven technical skills along with strong interpersonal and communication skills are necessary.

Under the direction and guidance of the CISO, the Senior Security Analyst will engage with the Hospital to help uplift the current security posture. In addition, the role will also support the CISO with risk, governance and compliance of digital assets and will provide support in delivering the security programme of works.

The overall purpose of this role contributes significantly to ensure the closure of any IT vulnerabilities and the safety of all IT assests from any potential cybersecurity attacks. Work identified and required to remediate vulnerabilities must be undertaken in conjunction with the CISO who will work with Executive Director, Digital Health and Director of Information Technology to prioritise and implement the necessary changes.


The Senior Security Analyst is responsible for the following:

  • Applying cybersecurity knowledge and experience in creating cybersecurity use cases to detect potential anomalous ICT activity.

  • Utilising cyber tools in performing monitoring and the creation of detection rules that identify cyber events of interest

  • Performing retrospective analysis and investigations post the incident/event.

  • Experience in threat detection and incidence response and related reporting.

  • Compile and maintain appropriate documentation on information security systems and procedures.

  • Knowledge of common security threats, attack vectors, and penetration techniques.

  • Actively engage in managing information security at Monash Health, including system security, infrastructure security, perimeter security, network security, endpoint security, remote access security, physical asset security, etc., and continually assessing and enhancing the security posture.

  • Ensuring vendors have adequate security protection and controls, including, where relevant verifying their security design, security framework, security controls, and appropriate certification (e.g. ISO 27001, SOC 1, SOC 2).

  • Support with security tools to ensure adequate security measures are in place, including but not limited to network segmentation, firewalls, intrusion prevention systems, email security, web application firewalls, vulnerability scanning, end-user computing security, security updates, data loss prevention, etc.

  • Conduct threat modelling of services and systems, both internal and external.

  • Conduct security assessments of systems, information and IT infrastructure.

  • Perform user and system audits.

  • Providing regular security metrics for management reporting.

  • Keep abreast of developing security threats, security regulations, and security best practices.

  • Adhere to and participate in Monash Health ICT Change Management processes.


  • Bachelors or Master's degrees in an appropriate discipline, such as Information Systems or Computer Science or Cybersecurity.

  • Professional security certification, preferably CCSP or similar.

  • ITIL v3 certified with working knowledge of the incident, change and problem management.

 Technical skills/knowledge/experience

  • 5+ years of information security experience, IT operations and cyber risk in a complex, and distributed IT operating environment

  • Demonstrated experience in the implementation of at least one of the following information security standards: ISO27001, NIST SP800-53, CIS

  • Proven ability to conduct vulnerability assessments and recognise significant vulnerabilities in security systems

  • Proven ability to apply techniques for detecting and assessing threats and incidents, including intrusion detection and basic malware analysis

  • Strong knowledge and experience working with Active Directory, Access Control, AWS/Azure, O365 security, OS hardening

  • Applied experience with a cybersecurity tool such as SIEM, IPS/IDS, Anti-Virus, Application whitelisting, Network Access Control, vulnerability management or the ability to utilise system administration or scripting experience to address cybersecurity requirements

  • Proven experience in developing and maintaining solid relationships with internal and external teams

  • Working knowledge of shell/python scripting or PowerShell

  • Technical background with broad exposure to multiple technologies

Adherence to Privacy / Confidentiality Requirements

Adhere to Victorian privacy laws – information Privacy Act 2000 and the Health Records Act 2001, as well as other laws regulating the handling of personal information.


  • Outstanding work ethic and discipline

  • Strong attention to detail

  • Strong oral and written communication

  • Continual learning

  • Energetic, self-motivated

  • Problem solver

  • Researches latest information technology security trends

Other position requirements:

  • As we support a culture of safety through employee immunisation, there must be documentation provided confirming completed immunisation on employment at Monash Health

  • Current and satisfactory Police Check (must also comply with Aged Care Act 1997 Accountability Amendment Principles 2012 if working in Aged Care setting)

  • Current and satisfactory Working with Children Check

  • Applicants who are new to Monash Health will be required to enter into an Employment Agreement before commencement

  • Applicants who are new to Monash Health must provide evidence of immunisation before they can receive an offer of employment

What We Offer:

  • Salary packaging

  • On-site fitness centre

  • On-site subsidised car parking

  • Monthly ADO’s (available for full-time employees)

  • Free lifestyle management seminars (superannuation, retirement, etc.)

  • Access to salary packaging, private health insurance and industry banking at competitive rates.

How to Apply

Monash Health recognises the value of equal employment opportunity and is committed to patient safety and promoting fairness, equity and diversity in the workplace. At Monash Health we are relentless in our pursuit of excellence and work to our six guiding principles.

Offers of employment can only be made once all required probity checks have been completed. These include:
• reference checks;
• a clear Police Check conducted within the last three months;
• a current Victorian Employee Working with Children’s Check (or proof of payment for same);and
• proof of immunisation.

As part of our selection process, you may be invited by email to participate in an on-camera video interview.

Please note, applications will be accepted via the Monash Health online Mercury System only. Email applications will not be considered.

Senior Security Analyst

Job type:

Not provided

Job classification:

Not provided


Jacki Considine - 95941736

Senior Security Analyst