Team 3Thirty

How to apply for Senior Security Risk Analyst

Learn how to apply for Senior Security Risk Analyst at DPHI, including what to submit, how to address the requirements, and how to structure a stronger application.

The Senior Security Risk Analyst at the NSW Department of Planning, Housing and Infrastructure (DPHI) is a strong opportunity for applicants with deep cyber risk, third-party risk and governance experience who want to work on practical security uplift across a large government environment. This role focuses on leading the rollout of a new third-party risk management framework, supporting procurement and vendor due diligence, improving risk visibility, and contributing to broader cyber security and GRC activities across the department.

For applicants working out how to apply for Senior Security Risk Analyst, the key is to approach it as a role that combines technical security risk knowledge with practical stakeholder work. You need to show that you can assess vendors, embed security requirements into procurement processes, report clearly to executives, and support day-to-day cyber and compliance activity in a complex organisation. You can view the official job ad here and use it alongside your application drafting.

NSW Government recruitment is assessed against both the application instructions and the role requirements. That means your application needs to include the right documents in the right format, and your claims need to be backed up with clear evidence. A hiring manager will be looking for examples that show what you have done, how you did it, and what result you achieved in environments that are relevant to this work.

This role will suit applicants who can operate confidently across cyber risk, procurement, vendor assurance and executive reporting, while also handling BAU governance and compliance work. The strongest applications will connect past work directly to the department’s needs and make it easy for the panel to see capability, judgement and practical impact.

Senior Security Risk Analyst role snapshot

Role title: Senior Security Risk Analyst
Organisation / Entity: NSW Department of Planning, Housing and Infrastructure (DPHI)
Job location: Statewide, Sydney – West, Sydney City; Office based in Parramatta with flexible working supported | Other NSW DPHI office locations considered upon application
Work type: Temporary (Up to 30 June 2027) full-time
Total remuneration package: Salary relative to experience, and ranges from $129,464 to $142,665 + super
Closing date: 24 May 2026 at 11:55 pm
Official job ad: Read the full job ad

NSW Government application requirements

Application requirements matter because they are used as an early compliance check in NSW Government recruitment. Before the panel weighs up your experience in detail, they need to see that you followed the instructions, submitted the required documents, and provided information in a format that can be assessed properly. A well-targeted application starts with getting these basics right.

Application requirements for Senior Security Risk Analyst

For this role, you need to submit a resume and a cover letter, and complete the application online. There is no stated page or word limit for the cover letter, so a practical maximum is two pages. You can apply through the official application page.

No targeted questions are listed, so the written part of the application centres on your resume and cover letter. That makes the cover letter especially important because it is your main chance to connect your experience to the role requirements in a clear, structured way. Your strongest approach is to use the letter to address the listed capabilities directly with concise examples, while your resume supports that with scope, context and career history.

NSW Government candidate requirements

Candidate requirements are the capabilities, experience areas and qualifications the hiring manager wants to see demonstrated in your application. These points should shape the examples you choose in your cover letter and the achievements you highlight in your resume, because they tell the panel what successful performance in the role looks like.

Candidate requirements for Senior Security Risk Analyst at NSW Department of Planning, Housing and Infrastructure (DPHI)

| Requirement or capability from role | How to demonstrate it |
| --- | --- |
| Hands-on third-party risk leadership, delivering fit-for-purpose security risk frameworks aligned to ISO 27001 and the NSW Cyber Security Policy, with a strong grounding in information security risk management (ISO/IEC 27005) and control frameworks such as NIST, ASD ISM and the Essential Eight. | Show a clear example where you led or significantly shaped a third-party or security risk framework in practice. Explain the environment, the framework or controls you aligned to, how you implemented or improved the approach, and what changed as a result for risk visibility, consistency or compliance. |
| Strong vendor due diligence capability, carrying out practical assessments across cloud, SaaS and managed service providers using SIGs, security questionnaires and control gap analysis to strengthen security posture. | Use an example of a vendor assessment you personally led or delivered. Include the type of provider, the assessment tools or methods you used, the risks or control gaps you identified, and how your work improved decision-making, remediation or security posture. |
| Procurement-savvy cyber support, embedding security requirements into sourcing and contracts, and working confidently with GRC tools and risk workflows to support business outcomes. | Demonstrate how you worked with procurement or commercial teams to build security requirements into sourcing, evaluation or contract stages. Show that you understand how cyber risk advice supports business outcomes, and include a practical example of using GRC tools or workflows to manage or track that work. |
| Clear, executive-ready reporting, analysing data from multiple sources to improve controls and translating complex risk information into clear insights using data visualisation tools (e.g. PowerBI, Tableau) and dashboards. | Give an example where you turned technical or risk data into reporting that senior leaders could use. Explain the data sources, the reporting format, any dashboard or visualisation tool used, and how your reporting supported decisions, prioritisation or control improvement. |
| Solid BAU cyber and GRC capability, comfortable supporting day-to-day security, risk and compliance activities in large, complex environments across enterprise platforms and controls. | Show that you can handle ongoing operational cyber and GRC work, not only project-based tasks. A strong example would cover the scale or complexity of the environment, the types of BAU activities you supported, and how you maintained consistency, responsiveness and control effectiveness. |
| Tertiary qualifications in computer science, information and technology or related technical field and/or relevant experience including risk management and compliance. | Confirm your qualification if you hold one, or clearly establish equivalent relevant experience. In your application, make it easy for the panel to see your technical background and your direct experience in risk management and compliance work. |

Example application structure for Senior Security Risk Analyst

This application requires a cover letter because no targeted questions are listed and the written assessment is structured around your supporting documents. No page or word limit is stated, so a maximum of two pages is a practical limit for the cover letter. The table below shows how to organise that letter so each requirement is addressed clearly and efficiently.

| Cover letter section | What to include |
| --- | --- |
| Opening paragraph | A strong value proposition. Explain what combination of cyber security risk, third-party risk, vendor assurance, procurement support and GRC experience makes you well suited to the Senior Security Risk Analyst role at DPHI. Keep this to one concise paragraph. |
| Hands-on third-party risk leadership, delivering fit-for-purpose security risk frameworks aligned to ISO 27001 and the NSW Cyber Security Policy, with a strong grounding in information security risk management (ISO/IEC 27005) and control frameworks such as NIST, ASD ISM and the Essential Eight. | Use a focused example showing that you have led or rolled out a third-party or security risk framework in a real operating environment. Include the standards or control frameworks you worked to, the problem you were solving, the actions you took, and the result for governance, consistency or risk reduction. |
| Strong vendor due diligence capability, carrying out practical assessments across cloud, SaaS and managed service providers using SIGs, security questionnaires and control gap analysis to strengthen security posture. | Provide a concrete example of a vendor due diligence assessment across a relevant provider type. Show your assessment method, the issues or gaps identified, how you communicated findings, and what action followed. |
| Procurement-savvy cyber support, embedding security requirements into sourcing and contracts, and working confidently with GRC tools and risk workflows to support business outcomes. | Include an example where you worked with procurement or business stakeholders to embed security into sourcing or contract processes. Show how you balanced risk, compliance and business needs, and mention the GRC tools or workflows you used if relevant. |
| Clear, executive-ready reporting, analysing data from multiple sources to improve controls and translating complex risk information into clear insights using data visualisation tools (e.g. PowerBI, Tableau) and dashboards. | Choose an example that shows your reporting judgement as well as your technical communication. Explain how you analysed data, built reporting or dashboards, and helped executives understand priorities, trends or control issues. |
| Solid BAU cyber and GRC capability, comfortable supporting day-to-day security, risk and compliance activities in large, complex environments across enterprise platforms and controls. | Show that you can contribute consistently to operational cyber and GRC work in a large environment. Use an example that demonstrates reliability, breadth of exposure and practical understanding of ongoing security, risk and compliance activities. |
| Tertiary qualifications in computer science, information and technology or related technical field and/or relevant experience including risk management and compliance. | Briefly confirm your qualification or equivalent experience and connect it to the work of this role. This can be handled in a short paragraph that reinforces your technical foundation and relevant risk and compliance background. |
| Closing paragraph | A short, confident conclusion reinforcing why you are a strong candidate for the role. Re-state your fit for the work, your ability to contribute to DPHI’s third-party risk and cyber governance uplift, and your interest in the opportunity. |

What the panel will want to see in your examples

  • Examples where you personally led, designed, assessed or improved something, rather than only supported it at a distance.
  • Clear links between your work and the role’s focus on third-party risk, vendor assurance, procurement support and cyber governance.
  • Evidence that you can work within recognised security and risk frameworks and apply them in a practical way.
  • Strong stakeholder judgement, especially when working with vendors, procurement teams, business areas and executives.
  • Results that show improved visibility of risk, stronger controls, better decision-making or more effective compliance outcomes.
  • Concise explanations that make complex cyber risk work easy for non-technical decision-makers to understand.

Help with your Senior Security Risk Analyst application

The Senior Security Risk Analyst application needs a clear, evidence-based cover letter that speaks directly to the work DPHI needs done. A generic letter will be easy to spot, so it is worth taking the time to align your examples to the role and review the official job ad again before you submit.

If you want a starting point, Team 3Thirty offers a free NSW cover letter template designed for government applications. If you want practical one-on-one help, you can also get professional application writing support from a government hiring manager. That can help you turn strong experience into a sharper, better-structured application.
