POSITION VACANCY – CYBER SECURITY ANALYST
Employer: Wentworth Institute of Higher Education (WIN)Location: Sydney Campus (Level 1–5, 302–306 Elizabeth Street, Surry Hills NSW 2010) with regular support for Canberra Campus (Level 1, 15 Moore Street, Canberra ACT 2601)
Position : Cyber Security AnalystPosition Type: Full-time (38 hours per week)Salary Range: $90,000 – $110,000 per annum plus superannuation (commensurate with experience)
About Wentworth Institute
Wentworth Institute of Higher Education (WIN) is a registered higher education provider (TEQSA) delivering industry-relevant Bachelor and Master programs in Business, Professional Accounting, Information Technology, and Interactive Media. With campuses in Sydney and Canberra, WIN serves over 2,000 domestic and international students through face-to-face delivery. The Institute operates a Moodle-based learning management system for assessment submission and course content delivery, EduLab virtual cloud-based computer labs with Windows 10 and KALI Linux environments for IT practical training, and comprehensive student management systems handling enrolments, fee payments, and academic records. WIN is committed to maintaining a secure digital environment in compliance with TEQSA registration conditions and Australian privacy principles
Position Overview
We are seeking a skilled and proactive Cyber Security Analyst to safeguard WIN‘s information systems, networks, and data assets across both campuses. The role focuses on protecting student and institutional data, securing online learning platforms (Moodle and EduLabenvironments), supporting cybersecurity-related teaching activities, and ensuring regulatory compliance with TEQSA and Australian privacy standards.
Key Responsibilities
1. Protection of Student and Institutional Data
- Conduct comprehensive security assessments on WIN’s student management systems (handling enrolments, academic records, fee payments, and timetabling) and administrative databases to identify and remediate vulnerabilities that could compromise the confidentiality and integrity of student and staff data.• Monitor, investigate, and respond to security alerts and incidents affecting WIN‘s digital learning and administrative environments in real time, delivering rootcause analyses and detailed incident reports to senior management.• Develop, implement, and enforce information security policies, procedures, and recovery strategies to comply with Australian privacy principles, TEQSA registration conditions, and the ACSC Essential Eight framework.• Perform regular privacy impact assessments on systems handling personal information of students and staff, ensuring compliance with the Privacy Act 1988 (Cth).
2. Protection of Teaching and Learning Infrastructure
- Secure WIN’s Moodle learning management system by conducting regular vulnerability scans, reviewing access controls, monitoring for unauthorisedactivity, and ensuring secure upload and storage of student assessments.• Protect the EduLab virtual cloud-based computer labs (Windows 10 and KALI Linux environments) used for practical IT training by implementing network isolation, access controls, and regular security hardening of virtual machine images.• Perform regular vulnerability scanning, penetration testing, and firewall/network security configurations across WIN‘s campus networks (Sydney and Canberra),wired and wireless infrastructure, student and staff Wi-Fi networks, and elearning platforms.• Configure and maintain secure remote access solutions for staff and distance students, ensuring encrypted communications and multi-factor authentication where appropriate.• Manage security of web systems including WIN’s public website, student portals, and online application systems, conducting regular security reviews and patch management.
3. Support for Cybersecurity and ICT Education
- Maintain isolated and secure teaching environments within the EduLab platform to allow students to practise networking and security concepts without risk to production systems.• Collaborate with academic staff to design and deliver security-related practical exercises, including network configuration, vulnerability assessment, and incident response simulations using KALI Linux and other security tools.
4. Risk Management and Regulatory Compliance
- Conduct regular risk assessments to identify security loopholes and weaknesses in WIN‘s IT systems, with particular attention to systems handling student enrolments, fee payments, academic records, and assessment submissions.• Develop and maintain business continuity and disaster recovery plans to ensure the resilience of WIN’s teaching and administrative operations across both campuses.• Ensure WIN‘s cybersecurity posture aligns with TEQSA registration conditions, the ACSC Essential Eight framework, and other relevant regulatory requirements for higher education providers in Australia.• Document emerging cyber threats and trends relevant to the higher education sector, producing actionable intelligence to strengthen WIN’s defences against ransomware, phishing attacks, data breaches, and business email compromise targeting students and staff.
5. Security Operations and Incident Response
- Analyse alerts and data from security products, network security devices, vulnerability scan systems, and intrusion detection systems deployed across WIN‘s ICT environment.• Coordinate incident response activities, including containment, eradication, and recovery from security breaches affecting WIN’s systems and data.• Assess damage from past security events and recommend recovery tools and process improvements to reduce future risk exposure.• Manage WIN‘s overall ICT security posture, including preventive controls, threat detection rules, and security awareness training for staff and students.• Conduct regular security awareness campaigns tailored to the higher education environment, addressing topics such as phishing identification, password hygiene, and secure use of institutional systems.
6. Stakeholder Collaboration and Advisory
- Collaborate with academic and administrative stakeholders to validate security requirements arising from new course implementations, system upgrades, and the adoption of new teaching technologies (e.g., new LMS features, virtual lab enhancements).• Provide strategic and operational information security advice to ICT leadership and Institute management.• Work closely with the Academic Support Systems Manager to ensure secure operation of Moodle, email systems, and software applications used by staff and students.• Liaise with external security service providers and vendors to ensure the effective delivery of managed security services and timely resolution of security incidents.• Promote awareness of emerging cyber security threats and their potential impact on WIN‘s internal and external environment.
Selection Criteria
Essential:
- Bachelor’s degree or higher in Cybersecurity, Information Technology, Networking, or a related field.• Proven experience in cyber security analysis, vulnerability assessment, or a similar role.• Strong knowledge of network security principles, firewall configuration, and vulnerability scanning tools (e.g., Wireshark, Nessus, Nmap).• Demonstrated ability to develop security policies, conduct risk assessments, and implement security controls.• Excellent analytical, problem-solving, and report-writing skills.• Strong communication and collaboration skills, with the ability to work effectively across academic and administrative teams.
Personal Attributes:
- Strong learning agility and adaptability to evolving technologies and threat landscapes.• Ability to perform under pressure and meet deadlines.• Team-oriented with excellent organizational and coordination skills.• Proactive approach to identifying and mitigating security risks.
Pay: $90,000.00 – $110,000.00 per year
Work Location: In person