Data Security Analyst

Position Details

Clerk Grade 7/8$113,574 - $125,720 plus superannuation and annual leave loadingOngoing, full-time opportunityClose to Wynyard station & hybrid work arrangements available

About NESA

At the NSW Education Standards Authority (NESA), we are dedicated to carrying out meaningful work that drives improvements and elevates student achievement across NSW, now and into the future. We accomplish this by supporting all school sectors with high-quality syllabuses, assessment (including managing the HSC and NAPLAN), teaching standards (e.g., accrediting teachers) and school environments (including setting and monitoring school standards). NESA is a unique organisation in NSW (of around 740FTE staff) with significant state-wide impact. Visit our website to learn more about the important work we do.

About the Data Security Analyst Role

Are you ready to protect our information and drive security forward? At NESA, join our newly established Cybersecurity, Information Assurance, and Data Protection team and play a key role in safeguarding critical information across the organisation. As a Data Security Analyst, you will play a key role in protecting sensitive information and ensuring compliance with data security standards across the organisation. This role is responsible for implementing and managing technical safeguards, maintaining secure configurations, and ensuring compliance to protect critical data assets across their lifecycle, including secure retention and disposal practices. This is an exciting opportunity for someone who thrives on balancing service delivery with strong security practices, while working collaboratively with ICT, data governance, and privacy teams.

Day-to-day Responsibilities

• Designing and implementing technical data protection controls such as encryption, tokenisation, masking, and secure data transfer in collaboration with ICT and vendors.
• Ensuring secure configuration and monitoring of storage, backup, and archival systems with ICT and other record management practices across different BUs.
• Defining and supporting Data Loss Prevention (DLP) policies for endpoints, cloud services, and email, coordinating deployment across the business.
• Providing guidance on access control models (RBAC) to promote least privilege principles.
• Collaborating with Identity and Access Management to integrate data access controls with enterprise identity systems.
• Advising on encryption practices for data at rest, in transit, and in use, including standards-aligned key management.
• Monitoring data security telemetry, supporting investigations of suspicious activity, and assisting with remediation strategies.
• Supporting the deployment of data discovery and classification tools to govern sensitive data, aligned with regulatory and organisational requirements.
• Supporting data protection efforts by leading security awareness initiatives focused on safe data handling.
• Supporting records and information management objectives by contributing to data and information assets’ visibility, aligning classification with retention and disposal requirements, and embedding secure lifecycle practices across business processes.
• Contributing to awareness, communication, and uplift initiatives that promote safe and compliant information management practices across the organisation.

Our Ideal Candidate Will Have

• The ability to balance service delivery demands with robust security practices in a dynamic environment.
• Strong organisational skills to manage conflicting and changing priorities while meeting service standards.
• Current knowledge across a range of technical and security streams to provide expert advice.
• An understanding of data protection technologies such as encryption, tokenisation, masking, and secure transfer methods.
• Experience with data discovery, classification, and governance practices to protect sensitive data.
• Knowledge of compliance frameworks such as ISO 27001 and relevant privacy legislation.
• An understanding of records and information management principles, including data and information asset registers, retention and disposal requirements, archival controls, and alignment with organisational recordkeeping obligations would be highly desirable.

Essential Requirements

• Tertiary qualifications in a relevant field or equivalent experience.
• A valid Working with Children Check (WWCC) clearance for paid employment (prior to commencement, not required at application).

Benefits at NESA

• An organisation where your contribution has a big impact.
• An enviable CBD location (all modes of transport nearby, and excellent coffee and eateries) with refurbished offices.
• Flexible working arrangements and generous leave entitlements.
• Access to discounted health and fitness memberships via Fitness Passport, an employee assistance program and annual flu vaccinations.
• Salary packaging options.
• Working in a purpose driven and ethical organisation with committed colleagues.

Application Process

Ready to join us? Select apply and attach an up-to-date résumé (maximum 5 pages) and a cover letter (maximum 2 pages). Also address the 2 targeted questions below in your online application: Describe a situation where you identified a potential breach of data security or a compliance issue. How did you act to address the issue while maintaining professional integrity, and what did you learn from the experience? Provide an example of when you had to analyse complex technical information and communicate your findings to non-technical stakeholders. How did you ensure your recommendations were understood and implemented effectively?

Key Skills/Competency

• Data Protection
• Information Security
• Compliance Management
• Risk Assessment
• Access Control
• Data Loss Prevention (DLP)
• Encryption
• Security Awareness
• Data Governance
• Records Management