a. Assessment and Authorisation: 1) Provide System Assessment and Authorisation activities as directed by the CDT Engineering Manager. 2) Conduct system Assessment and Authorisation activities in accordance with: a) ASD Information Security Manual (ISM) b) Protective Security Policy Framework (PSPF) c) Defence Security Policy Framework d) Cyber Security Assessment and Authorisation (CSAA) Charter, assessment methodology, templates, and guidance. 3) Perform security assessments using Operational Effectiveness Reviews (OER) as the default approach, with Design Effectiveness Reviews (DER) conducted where justified. 4) Audit the effectiveness of system security controls implemented across CDT capability systems. 5) Develop and deliver assessment artefacts including: a) Security Assessment Reports (SAR) b) ATO briefs c) Risk statements and recommended remediation actions. b. Risk Identification and Analysis: 1) Identify, analyse, evaluate, and escalate cyber security and business risks 2) I...