BAF® Request: AUCKLAND-666-IT-Cyber Security-Cyber Security Audit



A new ICG local government client is looking for a Cyber Security Consultant to work with their CIO to undertake an audit of current practices and provide pragmatic recommendations and trade-offs for an improved situation, including governance and implementation strategy. Today, attacks on local government involve identity and financial theft, exfiltration of information, and extortion using ransomware.

The successful accredited professional will be accountable for:


  • Conducting an audit of current practices and risks for an organization of 700 FTE’s and 200 contractors, 12 locations, 5 websites and one ticketing site;
  • Review governance, policies, and daily practices of users and their managers, executive and council;
  • Understanding of a pragmatic cyber security framework specific to local government that gives the ability to manage and reduce organisational cyber security related risk;
  • Familiarisation with other notable local government cyber security strategies to identify acknowledged best practices;
  • Create a risk profile for the organization – current state and proposed;
  • Familiarization with expense budgeting processes and how recommendations can be funded, with appropriate prioritization and related trade-offs;
  • Create a high-level improvement plan for asset protection that includes:
    – Current and future target risk and maturity profile
    – Security practice size/shape
    – Risks and opportunities for customer facing, business network and control systems
    – Governance opportunities
    – Education and training opportunities
    – Changes to current security footing as it relates to the environment
  • Provide a risk-weighted implementation plan as part of the overall recommendations.

The Role

Cyber Security Consultant

Our client is a local government entity in New Zealand.

As a government entity there are a wide variety of internet-based interactions taking place daily, involving a large number of employees across several departments and locations, contractors working on behalf of the organization, and the participation of the broader public in website and email exchanges.

Our client seeks a cyber security audit and risk assessment, to include high-level recommendations for addressing risks within budget constraints.

The successful accredited professional will have deep experience in Cyber Security auditing, risk assessment and mitigation strategies, with an ability to understand complex organisations and their ICT footprint, and a propensity for pragmatic solutioning.

Ideally the accredited professional will have significant experience in:


  • 5+ years as a management consultant or industry executive
  • The New Zealand Information Security Manual (NZISM) on information assurance and information systems security
  • CISM, CISA orCISSP professional designation preferred
  • Complex multi-business, multi-geography enterprises
  • Cyber security experience in an executive and consulting role, in North America or Europe, Australia and New Zealand
  • Dealing with a variety of regulatory stakeholders


Logistics, Location & Rate

The engagement will commence on or about 3 February 2020 and last 4-6 weeks.

Location: The client location is on the North Island of New Zealand

Reasonable travel and accommodation expenses will be negotiated with the successful candidate. Preference will be given to New Zealand-based professionals.

Rates: Final amount to be negotiated with the client, however, depending on level of experience and seniority, the daily gross rate range for the Cyber Security Consultant would be between $NZ 1,800 and $NZ 2,200.

Close date: No later than Thursday 9th Janaury, 5pm AEDT

We will review all APT’s and select the best 3 applicants. The client will then conduct interviews.

To apply for this BAF® Please log into the link below to apply online to ICGs new Application Tracking Software (ATS) and confirm that you are available (or will make yourself available) for interviews at the client’s discretion.

If you are aware of suitable candidates for the role that might not already be ICG Accredited Professionals, please forward this email to them and ask them to review our website.