Risk and Security Manager
- Risk Champion for Corporate IT; leading, mentoring and coaching an extended team of risk champions across Corporate IT
- Design and execution of the Cyber Security and Technology Risk strategy across Corporate IT
- Work with IT teams to ensure adherence to Group Cyber Security and Risk & Compliance policy and frameworks
- Ensure that Corporate IT meets requirements of regulator / audit / governance committee deliverables, working with owners to meet quality and timeliness requirements
- Oversee the coordination and Corporate IT responses to Internal and External Audit engagements, working with owners to meet quality and timeliness requirements
- Consult into projects, initiatives and remediation activity acting as a risk SME providing advice and guidance as required
- Manage the Information Security Strategy and ensure alignment with the required Group IT governance standards as well as Corporate IT's goals and objectives
- Responsible for the continuous improvement of Corporate IT's cyber security governance model through framework alignment, controls definition and assessment, standards development, and compliance measurement.
- As a subject matter expert on cyber security best practice, you will provide consultative advice and governance over the first line's control activities.
- You will successfully collaborate with the Group IT Cybersecurity and Risk leadership teams to help define and drive the adoption of a cyber security control framework that allows for the continuous measurement and simplified reporting of control effectiveness.
- You will help define the appropriate oversight model and flow of information working closely with the control operators across Technology.
Technical capabilities of the role
Skill/ experience/ qualifications
- Minimum of 5 years' experience in security governance, operational risk management, IT audit, internal controls/risk management;
- Demonstrated competencies with Operational Risk activities within the Three Lines of Defence model.
- Best practice standards such as NIST, COBIT 5, ISO27001 or ITIL and an understanding of regulatory compliance requirements such as CPS234
- Demonstrated experience in a similar information security management role, working in a fast-paced financial or government environment, with demonstrated experience in compliance and regulatory requirements
- Qualification aligned to Computer Science, Business or other relevant field and relevant professional certification/qualification: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
- Evaluating compliance to policy, standards and procedures
If this sounds like you, please hit apply and I will get in touch with you
+61 2 9249 8023
State: QLD, licensee/s Manpower Services (Australia) Pty Ltd, LHL-02026-D5L4Q. State: QLD, licensee/s Greythorn Pty Ltd, LHL-02014-Y5F6D. State: SA, licensee/s Manpower Services (Australia) Pty Ltd, LHS 288856